Misconduct, crime and technological systems failure or data abuse at banks are much bigger risks than financial regulators had foreseen, said Andrew Bailey, CEO of the U.K.'s Financial Conduct Authority.
Cyber-related risks in particular are the biggest problem banks have faced since the financial crisis, Bailey said at a City and Financial Global conference. In addition to vulnerabilities in systems infrastructure that may have a negative impact on consumers, Bailey also noted that the FCA was increasingly monitoring firms' storage and misuse of personal data.
"One of the big things that has changed in the 10-year period is the relative rise of operational risk in various forms as a significant risk," said Bailey. "We were in the teeth of fighting the crisis 10 years ago and we thought the world was dominated by that, and frankly if you said to us, in 10 years' time it's going to be operational risk, we would have probably looked a bit askance, saying, 'really?'"
Bailey singled out tech-linked issues as the most pressing threat to the financial system.
"Cyber has come up the league table very rapidly and it's different. What is different about that sort of risk is you can't take a single mitigating action, because it’s always evolving," he said. "For the regulators and the firms that's a change."
Data protection and the resilience of systems have taken on unprecedented importance, Bailey said, given customers' increasing use of technology.
Large U.K. financial companies including TSB Bank Plc, Barclays PLC, Royal Bank of Scotland Group PLC and others have experienced a series of embarrassing IT failures in recent months, affecting millions of customers who could not access services and, in the case of TSB, exposing clients' data.
The FCA fined Tesco Bank £16.4 million on Oct. 1 over internal failures that enabled hackers to steal money from clients' accounts at the end of 2017.
But other types of cyberrisk are also coming to the attention of the regulator, namely the storage and misuse of personal data by the firms, Bailey said. "The big one for us is data," he said, noting that keeping data safe and using it in the interest of customers "is a growing issue."
Pointing to a recent "super-complaint" made by consumer protection charity Citizens Advice, Bailey warned companies that the FCA will take action against them if they use customer data to increase prices for clients who seem less likely to switch their business over to a competitor.
U.K. customers are being overcharged some £4 billion a year by mobile and broadband networks alongside finance companies taking advantage of their loyalty, Citizens Advice said Sept. 28, in its petition to the U.K.'s Competition and Markets Authority.
"If you are able to price against those customers because you have more data, that immediately raises an issue," said Bailey.