FCA discusses IT outages with investment platforms, emphasizes operational resilience expectations

The Financial Conduct Authority (FCA) is discussing technology failures with several investment platforms after customers were unable to access accounts when stock markets surged in response to the U.S. election result and Pfizer's announced COVID-19 vaccine success. The regulator warned all platforms about operational resilience and technology risks in February.

"We expect investment platforms to plan for unexpected scenarios so that they can continue providing their services to customers and maintain operational resilience. We are aware of the issues [on Monday] and are discussing with the platforms involved," an FCA spokesman said.

Hargreaves Lansdown, Fidelity and AJ Bell were among the platforms that experienced difficulties on November 9. Some locked-out investors took to Twitter to vent their frustrations at being unable to access their accounts. Hargreaves Lansdown's customers who could access their accounts reported inaccurate balances and duplicate trade notifications, leaving them uncertain as to the actual position of their accounts.

"Customers saying they couldn't trade or couldn't login or the system wouldn't take their order — that's clearly a problem. But it's not the same problem as getting 15 executions when you only wanted one. Fixing that mess is not just a PR exercise. It becomes a logistical challenge to sort out multiple error trades," said Nick Bayley, UK head of Duff & Phelps' regulatory consulting practice in London.

Software not up to scratch, operational deterioration

Industry experts said these platforms' software may not be up to handling volume spikes, and that maintenance work planned off the back of previous outages may not have been completed, or may not have been executed as thoroughly, during the lockdown period. Remote working could also explain firms' staff potentially missing warning signals that led to Monday's problems.

Another suggestion was that the retail service provider (RSP) networks that connect share-trading platforms to their market makers might have played a role in replicating client orders. These networks tend to be quite slow: they send client orders out to market makers for the best price, which is then sent back to the client to accept. Volume spikes may have slowed these networks to the point where a share-trading platform that was not getting a price back quickly enough from the RSP network would send out another message asking for a price on the same trade.
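The re-send behaviour suggested above, sketched as an added illustration (not from the article or from any platform's code): a constructed tick-based model in which a re-send timer shorter than the network latency turns one client order into many fills unless fills are de-duplicated by order id, plus the reconciliation count of excess fills. The function names, the latencies, the timer and the assumption that every returned price is booked as a fill are all hypothetical.

```python
# Constructed model, not any platform's code: all values are assumptions.
from collections import Counter


def run_order(order_id, latency, timeout, dedupe):
    """Simulate one client order and return the fills booked for it.

    The platform re-sends its price request every `timeout` ticks until the
    first price comes back after `latency` ticks. Every request sent is
    eventually answered, so a slow network returns several prices.
    """
    send_times = range(0, max(latency, 1), timeout)
    filled = set()          # order ids that already have a fill booked
    fills = []
    for sent_at in send_times:
        if dedupe and order_id in filled:
            continue        # late price for an order that is already filled
        filled.add(order_id)
        fills.append({"order_id": order_id, "tick": sent_at + latency})
    return fills


def excess_fills(fill_log):
    """Return {order_id: fills beyond the single one the client asked for}."""
    counts = Counter(fill["order_id"] for fill in fill_log)
    return {oid: n - 1 for oid, n in counts.items() if n > 1}


if __name__ == "__main__":
    TIMEOUT = 5  # assumed re-send timer, in ticks
    # Constructed orders: (order id, network latency in ticks)
    orders = [("ORD-1", 2), ("ORD-2", 75), ("ORD-3", 12)]
    for dedupe in (False, True):
        log = []
        for oid, latency in orders:
            log += run_order(oid, latency, TIMEOUT, dedupe)
        print("dedupe" if dedupe else "naive ", len(log), "fills, excess:", excess_fills(log))
```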

Elena Pykhova, director and founder of the Op Risk Company and chair of the OpRisk Best Practice forum, said that while financial services firms have been commended for good operational resilience during the pandemic, controls may be deteriorating as it drags on.

"Although there are split opinions, the majority [of the OpRisk Best Practice forum] still thinks working from home is weakening the effectiveness of the second and third lines [of defence]. Where we could effectively collaborate together in the office through mutual interaction and ensure the robustness of standards, controls and their application, because the interactions are now so much more formalized — you have to book a Teams meeting — I wonder whether in the longer term the overall control environment is declining," Pykhova said.

Even if ultimately these outages have no relation to remote working, Pykhova said it should prompt firms to question whether long-term working from home was eroding their operational risk lines of defence.

 

Dear CEO letter

The latest failures come eight months after the FCA sent a "Dear CEO" letter to investment and share-trading platforms, which flagged technology and operational resilience as one of the key harms upon which its supervisory strategy would focus.

"Insufficient investment, processes and resources for technology and operations can lead to business continuity issues with services to customers and advisers being unavailable, intermittent or restricted," Debbie Gupta, the FCA's director of supervision – life insurance and financial advice, wrote in February.

Boards and those holding SMF24 status could be in the firing line if they cannot demonstrate that they took appropriate steps to ensure the operational resilience of their platforms. "We expect accountable individuals under the SM&CR to be responsible for operational resilience, prioritising plans and investment choices based on their wider potential impact," Gupta said.

 

Busiest-ever trading day

Several Hargreaves customers said it was not the first such outage the site had experienced, with one user posting a message from the firm dated December 13, 2019, the day after the Conservatives won an emphatic victory in the UK general election, which said: "We are currently experiencing intermittent service issues and are working to resolve this as quickly as possible".

Hargreaves' December incident is understood to have been caused by an inability to get prices from the market. It and Fidelity attributed Monday's disruption to high volumes, however.

"A combination of positive news regarding a COVID-19 vaccine and the U.S. election outcome saw a global surge in investor activity, we experienced our busiest ever trading day and also on our website and app. We know that some clients experienced difficulties when using our services at times and we are very sorry about this, and are swiftly resolving any issues caused," a Hargreaves Lansdown spokesman said.

Hargreaves declined to say how many customers were affected by Monday's incident, but did say it would put customers back to their original positions.

"It becomes a significant task for these platforms. If they've got thousands of these erroneous trades, it's a big exercise. They'll be busy trying to work out how many people have been affected, and then rolling out a robust means of putting things right," Bayley said.

Fidelity does not know how many customers were affected. Some customers successfully accessed its platform, and some were unable to, it said.

"Due to increased volumes of people trying to access the platform, some of our customers experienced intermittent service issues. This was temporary and we apologised for the inconvenience. Customers were able to use our customer services line and we acted immediately to increase our capacity and worked overnight to further enhance our service to resolve this issue. There have been no further reported issues," Fidelity said in a statement.

AJ Bell did not respond to requests to comment.

Regulatory response

How platforms dealt with previous outages could prove significant in discussions with the FCA about this week's failures. The FCA, Prudential Regulation Authority (PRA) and the Bank of England have been clear that boards will be on the hook for operational failings at their firms if they cannot demonstrate that resilience issues have been discussed and actioned at board meetings.

"The FCA, with the PRA and Bank of England has published proposals on our expectations of firms' approaches to operational resilience and our expectations of boards of regulated firms," a spokesman for the FCA said.

Any regulatory action is likely to centre on Principle 3 (A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems) and Principle 6 (A firm must pay due regard to the interests of its customers and treat them fairly).

Fines and departures

In May 2019, the PRA and FCA jointly fined R. Raphael & Sons plc £1.9 million after an IT glitch at a third-party supplier left 3,367 of the bank's customers unable to use their payment and charge cards on Christmas Eve 2015. A contributing factor in Raphael's fine was that the bank had failed to properly investigate and respond to an earlier incident with the same third-party supplier in April 2014. Raphael was fined under Principle 3 and Principle 2 (a firm must conduct its business with due skill, care and diligence).

In September 2018, Paul Pester, then chief executive at TSB, stepped down after a botched IT migration in May 2018 left thousands of the bank's customers unable to access their accounts. An investigation into the incident is continuing at both the FCA and PRA.

Written by:

Thomson Reuters Regulatory Intelligence and Compliance Learning