Financial market infrastructures (FMIs) are the networks that enable financial transactions to take place and are a vital part of the UK economy. This means that FMI companies are tightly regulated by the Bank of England to ensure their smooth operation, with technological failures likely to have significant impacts on the UK economy. The financial regulators’ operational resilience policy requires finance sector organisations to ensure their critical business services are resilient to severe but plausible scenarios, including technological failures.
This supervisory framework covers FMIs and Other Systemically Important Institutions (O-SIIs), critical to the UK’s financial stability, who must also consider their risks in relation to harm their institution may cause to the real economy and financial services sector as a whole.
This scenario is based on a technological systems failure causing an outage of a systemically important UK financial market infrastructure (FMI). This would significantly impact the processing of financial transactions. The lack of substitutability of many of these systems and their criticality to the functioning of UK financial systems means a sustained outage could threaten the UK’s financial stability. Impacts would be felt across the UK economy. Given the cross-border nature of the financial system and depending on the duration of the outage, there could be significant international implications as a result, with government reputational loss and significant financial loss.
The scenario assumes that the technical fault directly impacts the IT operations of a UK critical national infrastructure FMI. The scenario assumes that the firm’s impact tolerances (the maximum tolerable level of disruption) are surpassed.
Variations involve different examples of FMIs. Additional scenarios include the technological failure of a systemically important retail bank.
Response capability requirements
Local and national plans would be needed to deal with a surge in demand for consumer-facing financial services. Collective incident response capability under the UK’s Authorities’ Response Framework (ARF).
Depending on the severity of technological failure, a full systems recovery could be protracted. Recovery capabilities would centre on the particular FMI’s response capability requirements. There would be a limited ability to transfer functions or use alternate channels due to the unique profile of each FMI. The recovery would also depend on having a very robust dual site running.