As you would expect, Tesco Bank has well-established processes and controls to protect it from threats. But, with ambitious plans for their digital services in the next few years, they wanted to be sure their resilience strategy would continue to be effective. They also wanted to be confident it reflected changes in regulation. So they asked us to assess their resilience strategy, policy and controls for withstanding shocks, like cyber attacks, vendor failure and natural disasters, with those requirements in mind.
Our unique gap analysis tool tests resilience prioritising what’s important to customers and what might have an impact on the wider economy. This is based on our experience. For example, we know bank customers are more upset if something goes wrong with their mortgage than if the local ATM isn’t working. What’s more, major problems processing mortgages could affect the housing market generally.
Our main recommendation was that the resilience and risk teams work more closely together – to make it easier to implement tangible controls. We recommended the bank raise awareness of resilience so staff understood the rationale and would be ready to put in extra effort if necessary. The Board is behind the improvement plan, supporting new approaches to IT testing, projects to map significant interdependencies and new recruitment.
With these changes they can be confident they’re protecting customers and the bank’s competitive advantage. They’re now well placed to achieve the ambitions of their 2020 digital strategy.
The project has been shortlisted in the Continuity and Risk Awards 2016 in the ‘Resilience Strategy through Partnerships’ category.
“PA helped us look at priorities differently. And highlighted the benefits of getting risk and resilience specialists to work together to enhance the first and second lines of defence. We’re looking ahead confident we can develop the services we want – securely and in line with regulations.”
Paul Burgess, Head of Operational Resilience & IT Risk, Tesco Bank.