44162672 - bank security officer

FCA mandates banks to reveal all security incidents from 2018

The FCA has announced new rules to make it mandatory for banks to inform customers about security incidents from August next year so that customers are better informed while choosing accounts that suit their needs.

FCA intends to change the way banks and other financial firms disclose security incidents to it as well as to their customers in the future.

Earlier this year, the Information Commissioner’s Office revealed that financial services in the UK suffered a total of 140 data breaches between April 2016 and March 2017, a 25% increase compared to the previous year.

However, FCA records obtained under a Freedom of Information request revealed that the authority was made aware of only two instances of data breach by financial advisers and pension providers between March 2013 and May 2017.

In the same period, the FCA was made aware of nine breaches suffered by insurance firms and 15 breaches suffered by lenders in the same period. As such, the amount of information that the FCA held with respect to data breach incidents paled in comparison to the information available with the ICO.

To ensure that financial services and banks report incidents of data breach to the authority as well as to customers, the FCA today announced new rules to make it mandatory for banks to inform customers about operational and security incidents from August next year so that customers are better informed while choosing accounts that suit their needs.

‘Current account providers must publish the information on when and how services and helplines are available and numbers of operational and security incidents from 15 August 2018. They must publish the remaining information from February 2019. This includes account opening metrics and time taken to replace a debit card metrics,’ said the FCA in a press release.

At the same time, banks have been asked to ensure that customers will be aware of how and when services and helplines are available, contact details for 24-hour helplines, how often banks have had to report major operational and security incidents and the level of complaints made against such banks.

The new rules will apply to ‘firms that accept deposits (banks and building societies) and provide payment accounts as defined by the Payment Accounts Regulations (typically PCAs) or BCAs that have the features of a payment account’, said the FCA.

‘We recognise that vulnerability arises for many reasons, with circumstances that can be specific to a single individual. We look forward to working with the FCA and UK Finance to coordinate the development of a voluntary industry agreement to provide relevant and helpful information to customers who find themselves in vulnerable circumstances,’ said James O’Sullivan, BSA Policy Adviser.