Financial services regulators are struggling to find the right people to oversee IT in banking, despite on-going problems in the sector.
The high pay packets offered by banks will attract the best IT skills available, leaving regulators with a tough challenge to get the skills it needs to bring real change to banking IT.
Banks have complex IT underpinning them and a good understanding of the technology and the business they support is not gained overnight and comes at a cost.
But the Bank of England is not helping itself through its recruitment activity. One IT professional in the banking sector with experience as a chief information officer and chief operating officer at major banks, told Computer Weekly the Bank of England’s recruitment system does not help.
He said he applied to work for the organisation and was prepared to take a large salary cut, because he feels so strongly about fixing banking IT, but did not even receive a reply.
“I don't know about the Financial Conduct Authority (FCA), but when I applied to the Bank of England using their online system, they turned me down without even speaking to me. I have 20 years’ experience in banking IT and helped advise regulators about the year 2000 problem. They could have at least had a ten-minute phone conversation but they don't work like that,” he said.
Jobs were recently advertised by the FCA for the new payments regular, according to Gareth Lodge, an analyst at Celent.
He said the pay on offer was nothing compared with what people with the right skills can command: “The roles at the FCA were advertised – and most banks pay more, a lot more. I suspect the FCA won’t have the budget to employ the quality of people required.”
More on regulators
The UK financial services regulators, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) recently completed an investigation into the massive IT glitch experienced by the Royal Bank of Scotland.
In 2012, customers of RBS, NatWest and Ulster bank were locked out of their accounts for days, as a result of a glitch in the CA-7 batch process scheduler, which froze 12 million accounts. Customers were left unable to access funds for a week or more as RBS, NatWest and Ulster Bank manually updated account balances.
The FCA and PRA fines, £42m and £14m respectively, were directly related to IT failures. The fines will make banks look closely at their IT infrastructures, but the statement from the two regulators mentioned failures to manage risk.
“The actual cause of the IT incident was a software compatibility problem with the underlying cause being the banks’ failure to put in place adequate systems and controls to identify and manage their exposure to IT risks,” said the FCA.
The statements did not mention the role that an offshore service had in the problem, or the fact that RBS and the software supplier CA Technologies settled out of court in relation to the incident and signed a non-disclosure agreement to keep this secret, suggesting some issue with the software.
When asked by Computer Weekly what IT skills the FCA drew upon for the investigation, it said it was made by a third party expert organisation but would not reveal the name.
Chris Skinner, chairman at the Financial Services Club, said the FCA, like other regulators, is becoming more and more informed about technology as there are so many outages. He said the regulators should look at where there are systems risks in the same way as they are looking for bank risks in funding and reserves.
“Systems risks are easy to uncover. For example, they could ask: How old are your systems? How many people have knowledge of the details of these systems? How many outages or downtime issues have you had in the past 12 months and 36 or 60 months? How mission critical is this system?”
He expects more and more IT experts to join regulators. “I can see a time soon, when the regulators will have as many people asking and auditing systems risks as they have asking and auditing liquidity risks. About time.”
Lucy Frew, a financial regulation lawyer at Kemp little, said The FCA, in its Risk Outlook 2014, has identified technological developments as a key risk to its objectives. "At EU level, the Joint Committee of the European Supervisory Authorities has also identified IT-related operational risks as key risks to the stability of the European financial system in its report on risks and vulnerabilities in the EU financial system published on 2 April."
"Given the above, it would be surprising if the FCA is not genuinely open to getting IT professionals in banking to work for it. Traditionally, the FCA and former FSA have employed combinations of professionals - for example, legal, investigative and accountancy – to work together. There is no reason why the FCA should not extend that to include more IT professionals as technology and the financial sector increasingly converge."