Regulators finally act over replatforming chaos

Regulators finally act over replatforming chaos

Following replatforming issues at Aegon and Aviva, the UK's financial services regulators have united to tell providers to up their game and make their systems more resilient to cyber attacks and outages.

In a 48-page discussion paper published this morning by the Financial Conduct Authority, the Bank of England and the Prudential Regulation Authority has stated senior managers should take responsibility for creating back-up plans if their systems go down.

The publication of the paper comes after problems at Visa, which left millions of people across Europe unable to make payments, and issues at TSB, which saw nearly two million people being locked out of online banking services.

Over the May Bank Holiday weekend more than 400,000 users of the Cofunds retail platform and £37bn of assets were moved across to the Aegon Platform.

Aegon bought Cofunds in 2016 for £140m and has been planning the integration of the two platforms ever since.

Since the replatforming, FTAdviser received feedback from advisers around the country that reported difficulties using the revamped platform.

Aviva's platform was unavailable for six days beginning on the evening of 17 January and just one day after it came back online advisers and their clients found themselves locked out.

Since then there have been a litany of problems with processing adviser charges, switching funds, processing income drawdown, facilitating Isa contributions and erroneous alerts sent out indicating huge value drops in client portfolios.

The discussion paper stated: "Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers and other market participants in the financial system.

"A resilient financial system is one that can absorb shocks rather than contribute to them. The financial sector needs an approach to operational risk management that includes preventative measures and the capabilities – in terms of people, processes and organisational culture – to adapt and recover when things go wrong.

"As recent high-profile disruptive events have shown, the speed and effectiveness of communications with the people most affected, including customers, is an important part of any firm’s [...] overall response to an operational disruption."

The three authorities have said boards and senior management should assume individual systems and processes that support business services will be disrupted, and increase the focus on back-up plans, responses and recovery options.

They have also suggested the use of time limits for how long outages should last and have recommended that firms stress test their systems for "severe but plausible" scenarios.

Firms were also told to establish the resilience of any outsourced providers and make sure they have a plan in place if these suffer an outage themselves.

It was back in May that advisers called on the regulator to intervene after months of disruptions on the Aviva platform.

Aviva for Advisers has been haunted by glitches since its replatforming to FNZ technology in January.

Aviva consistently said it was working to fix the issues and re-allocated resources to speed up the process.