News roundup: May 2018

The Bank of England implements reforms to the SONIA benchmark. Plus: corporates badly underprepared for cyberattacks, finds Lloyds

Bank of England puts SONIA reforms into action

The Bank of England has implemented a set of long-planned reforms to the Sterling Overnight Index Average (SONIA), consolidating its management of the rate.

As the Bank noted in a 23 April statement, up to that date SONIA was based upon the brokered deposits market, which has limited transaction volumes. Since then, however, it captures a broader range of overnight unsecured deposits, with bilaterally negotiated transactions included alongside brokered transactions.

Transaction volumes that underpin SONIA under the new methodology now average around £50bn per day: more than three times the size of the volumes that previously anchored the rate. The change marks a decisive moment for the UK financial system’s pivot away from Libor. While that rate was determined on the basis of ‘expert judgement’ submissions from panel banks, SONIA is gauged via hard transactions data.

Bank of England deputy governor for markets and banking David Ramsden said: “Today’s implementation of the reforms to SONIA is an important milestone in the bank’s delivery of improvements to the resilience and effectiveness of financial markets. The reforms improve the sustainability and representativeness of this key piece of the sterling market infrastructure.”

For further details on the bank’s SONIA policies, click here.

Corporates woefully underprepared for cyberattacks, finds Lloyds survey

While 80% of UK business leaders are worried about the financial impacts of cyberattacks on their firms, only a third have drawn up specific resilience plans, it has emerged. The figures surfaced in a recent straw poll of 150 executives from a mixture of SMEs and multinationals at Lloyds Bank’s inaugural Cyber Beyond IT event.

In perhaps the most concerning finding, more than a third of the executives polled said they would be prepared to pay a ransom in order to restore systems and/or retrieve data affected by cyber incidents. The poll also discovered that:

  • almost two thirds (65%) of firms said it would take them six months or more to recover from a disruptive cyberattack, while almost a fifth (18%) said they would need one year or more to bounce back;
  • more than four in 10 businesses (43%) have no financial cash reserves in place as a contingency against cyberattacks;
  • only around half (53%) of firms routinely discuss cyber risks at their board meetings; and
  • less than a quarter (24%) of firms have taken out dedicated cyber insurance policies.

Lloyds Bank Commercial Banking head of data & cybersecurity Giles Taylor said: “A common problem faced by businesses is failing to understand the full financial impact of a cyberattack. Businesses recognise that there will be disruption – but if recovery is going to take months or years, rather than weeks, then without a plan the financial implications can be disastrous.”

He added: “A cyber crisis can quickly turn into a liquidity crisis – and the sudden drain on cash reserves could affect a firm’s ability to pay staff or suppliers and stay afloat.”

ECB and Bank of England put heads together on post-Brexit risks

At the urging of the European Commission and HM Treasury, the European Central Bank and Bank of England will form a joint technical working group with the aim of devising strategies to manage financial risks during the period around 30 March 2019: the day after the UK leaves the EU. Demonstrating the high-level nature of the tie-up, the working group will be co-chaired by the heads of each bank. Other relevant authorities will be invited to participate on an issue-by-issue basis.

Responding to the joint announcement, UK Finance CEO Stephen Jones said that it “provides a significant and welcome step in ensuring that financial services firms can continue to meet the needs of their customers across the EU as well as the UK”. He added: “It is positive to see the European Commission and the UK government taking a pragmatic and prudent approach in managing potential risks in March 2019, resulting from the UK’s exit from the EU.”

Jones added: “We hope that this joint technical working group will be able to provide firms and customers on both sides of the Channel with sufficient legal and regulatory certainty around issues such as contractual continuity and access to data.”

TheCityUK chief Miles Celic noted: “Not all challenges thrown up by Brexit can be solved by the industry, the UK or the EU in isolation. There are many practical issues which require close regulatory dialogue and cooperation. The new working group is a positive and pragmatic development.”

Watchdogs setting sights on cloud providers, says report

Regulators are beginning to assess whether the cloud industry poses a systemic threat to banks and corporates, according to a Financial Times report. The piece notes that the Prudential Regulation Authority is expected to publish a forecast of what could happen in the event of large-scale cloud disruption, while the US Office of the Comptroller of the Currency is undertaking a review of banks’ relationships with third-party vendors – including cloud operators.

The regulatory scrutiny is stemming from growing concerns over the dominance of providers such as Amazon Web Services, Microsoft and Google, whose platforms are increasingly relied upon to host major systems on behalf of financial and non-financial entities. An anonymous senior UK banking executive told the paper that watchdogs are “taking a much keener interest as more and more systems move to the cloud – not just HR and accounting systems, but also core banking systems”.

The executive added: “The cloud is basically an external provider with almost unlimited capacity. But you need to make sure that they are secure, particularly in a world of cyberattacks and fraud that are becoming more prevalent.”

David Strachan – head of Deloitte’s EMEA Centre for Regulatory Strategy – added: “Given regulators’ increasing concerns about operational resilience, they are bound to scrutinise systemically important firms’ use of the cloud.”

Mexican central bank orders evasive action over payments network hack

The Banco de México issued an alert on 27 April flagging up a series of “operational incidents” at three of the country’s banking brands. Its message cited hackers’ efforts to disrupt national real-time payments network the Sistema de Pagos Electrónicos Interbancarios (SPEI). While the central bank stopped short of providing a full list of the affected brands, Grupo Financiero Banorte tweeted on the same date that it had not been able to connect with the SPEI.

Meanwhile, a Bloomberg report pointed out that the Banco de México had ordered Banco del Bajío – aka BanBajío – to reconnect with the SPEI via an alternative network.

In a statement, the central bank said: “To date, the SPEI infrastructure at Banco de México has not been affected, and there are no indications of effects on the resources of the clients of any of the institutions that participate in SPEI.”

However, it added: “It is possible that the clients of the [three banks will] experience slowness in the sending of their transactions, as well as in the receipt of resources from other financial institutions (possibly of a few hours) and delays in the queries of the electronic certificates of payment.”

Scroll to top