UK finance regulators struggle to find IT support

Financial services regulators are struggling to find the right people to oversee IT in banking

Financial services regulators are struggling to find the right people to oversee IT in banking, despite on-going problems in the sector.

The high pay packets offered by banks will attract the best IT skills available, leaving regulators with a tough challenge to get the skills it needs to bring real change to banking IT. 

Banks have complex IT underpinning them and a good understanding of the technology and the business they support is not gained overnight and comes at a cost.

But the Bank of England is not helping itself through its recruitment activity. One IT professional in the banking sector with experience as a chief information officer and chief operating officer at major banks, told Computer Weekly the Bank of England’s recruitment system does not help. 

He said he applied to work for the organisation and was prepared to take a large salary cut, because he feels so strongly about fixing banking IT, but did not even receive a reply.

“I don't know about the Financial Conduct Authority (FCA), but when I applied to the Bank of England using their online system, they turned me down without even speaking to me. I have 20 years’ experience in banking IT and helped advise regulators about the year 2000 problem. They could have at least had a ten-minute phone conversation but they don't work like that,” he said.

Jobs were recently advertised by the FCA for the new payments regular, according to Gareth Lodge, an analyst at Celent. 

He said the pay on offer was nothing compared with what people with the right skills can command: “The roles at the FCA were advertised – and most banks pay more, a lot more. I suspect the FCA won’t have the budget to employ the quality of people required.”

The UK financial services regulators, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) recently completed an investigation into the massive IT glitch experienced by the Royal Bank of Scotland.

In 2012, customers of RBS, NatWest and Ulster bank were locked out of their accounts for days, as a result of a glitch in the CA-7 batch process scheduler, which froze 12 million accounts. Customers were left unable to access funds for a week or more as RBS, NatWest and Ulster Bank manually updated account balances.

The FCA and PRA fines, £42m and £14m respectively, were directly related to IT failures. The fines will make banks look closely at their IT infrastructures, but the statement from the two regulators mentioned failures to manage risk. 

“The actual cause of the IT incident was a software compatibility problem with the underlying cause being the banks’ failure to put in place adequate systems and controls to identify and manage their exposure to IT risks,” said the FCA. 

The statements did not mention the role that an offshore service had in the problem, or the fact that RBS and the software supplier CA Technologies settled out of court in relation to the incident and signed a non-disclosure agreement to keep this secret, suggesting some issue with the software.

When asked by Computer Weekly what IT skills the FCA drew upon for the investigation, it said it was made by a third party expert organisation but would not reveal the name.

Chris Skinner, chairman at the Financial Services Club, said the FCA, like other regulators, is becoming more and more informed about technology as there are so many outages. He said the regulators should look at where there are systems risks in the same way as they are looking for bank risks in funding and reserves. 

“Systems risks are easy to uncover. For example, they could ask: How old are your systems? How many people have knowledge of the details of these systems? How many outages or downtime issues have you had in the past 12 months and 36 or 60 months? How mission critical is this system?”

He expects more and more IT experts to join regulators. “I can see a time soon, when the regulators will have as many people asking and auditing systems risks as they have asking and auditing liquidity risks. About time.”

Lucy Frew, a financial regulation lawyer at Kemp little, said The FCA, in its Risk Outlook 2014, has identified technological developments as a key risk to its objectives. "At EU level, the Joint Committee of the European Supervisory Authorities has also identified IT-related operational risks as key risks to the stability of the European financial system in its report on risks and vulnerabilities in the EU financial system published on 2 April."

"Given the above, it would be surprising if the FCA is not genuinely open to getting IT professionals in banking to work for it. Traditionally, the FCA and former FSA have employed combinations of professionals - for example, legal, investigative and accountancy – to work together. There is no reason why the FCA should not extend that to include more IT professionals as technology and the financial sector increasingly converge."

Read more on IT for financial services

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

The FCA’s claim that the 2012 banking IT outage was a software compatibility problem and can be traced back to the banks’ failure to put in place the right systems is very telling indeed. It highlights not only how hiring the right IT talent is absolutely critical to organisations these days, but also suggests that banks are struggling to keep pace with the changing technology landscape.

Many organisations with mainframe reliance will have mature key applications written in COBOL and PL/I – over many years these applications have been maintained and evolved in order to cope with business demand. With each passing year, however, business and resourcing plans must be updated to reflect the changing dynamics and operational requirements. Skills and resource management is an important part of this.

Among requirements for leading edge skills, demand for core application maintenance and delivery skills remains high. After all, these core COBOL systems continue to power the world’s economy, and studies show the continuing reliance on core business systems such as the mainframe, where applications are written in COBOL.

The long-term success and value of core applications means organisations will need to ensure there is appropriate supply of application expertise in the future. So, for the CIO and their senior recruitment and application leaders, building a resource and skills strategy that aligns to business and technical strategy is imperative.

Jordan Ashman, Micro Focus


We would have the worst of all worlds if the regulators are expected to employ those without the skills and experience necessary to get better paid jobs with the banks to audit the systems of the latter. We need to revisit what we expect of regulators in a world where the technologies and risks are evolving so rapidly. Should we really expect them to second guess the operational management of the banks? SHould they not focus on better ensuring that those who cause the problems are personally held to account for their actions and cannot simply leave it to directors and shareholders, let alone taxpayers, to pick up the tab for reimbursing customers. It is called "professionalism". It is still lacking thirty years after the BCS got its Royal Charter.