David Postings speech at the CMORG conference

David Postings, Chief Executive of UK Finance - speech


Good morning, everyone – I’m David Postings, Chief Executive of UK Finance and co-chair of the Cross-Market Operational Resilience Group. Welcome to the first-ever CMORG conference.

I should like to start by thanking our hosts Deloitte who have serious expertise in operational resilience. I jointly chair CMORG with Duncan McKinnon from the Bank of England. Having the Bank’s input and expertise is vital to CMORG’s success.

I should also like to thank all the expert speakers we have lined up for the day, as well as all of you for joining us and making our first conference a sold-out event. It is a real testament to how important this subject is.

Operational resilience has always been important because people everywhere rely on our systems being available.

Back in 2002 I was brought face-to-face with this when I was at the helm of an IT shop. It was the Thursday before Easter and we had a major BACS outage. The story hit the six o’clock news because, if we didn’t get the system back up and running, it would have meant no paycheques, no payments of any kind for hundreds of thousands of people.

In the end we managed to make the payments on the following Tuesday and arranged workarounds with other banks to avert a disaster. But in an increasingly digital world, the stakes are higher. So much more in our lives depends on system availability, and increasingly people take permanent availability for granted.

This dependence on digital has brought operational resilience to the top of the agenda. 

Because today, the threats to our systems are greater than ever, not only from IT outages, but cybercrime and much more.

I am especially concerned about the confluence of quantum and AI. These two future technologies could have disastrous impacts if deployed with malice. And they may not be as far away as we think. Authorised push payments fraud would see a significant uptick, and the integrity of our data could be at risk. We will discuss this more later on in the day.

And as these risks grow and multiply, so has the complexity and interconnectedness of our financial ecosystem. The response to the growing complexity of the challenge has to be growing collaboration from us. That’s the purpose of CMORG – to bring the industry together through public-private partnership and lead collective action. To spot the risks on the horizon and develop industry’s defences – so we are ready when the shocks come.

What started out many years ago as just one committee and a subgroup, is now a truly comprehensive operation covering the whole resilience landscape.

CMORG has three objectives to achieve improvements for the sector. Firstly, to identify the risks to the financial sector. Secondly, to develop solutions to improve resilience. And thirdly, to share knowledge so we can all be better prepared.

We have six technical subgroups covering resilience, exercises, sector responses, cyber, third parties and information security.

We have four industry subgroups on retail, wholesale, insurance and FMIs.

We also have our Project Management Office supporting all of these, and leading our engagement with industry, to drive the resilience we need. 

These are at the core of all the work CMORG has done so far. And we have already made a huge difference…

By sharing understanding and the lessons learned from crises like COVID.

By embedding technical solutions like Data Vaulting.

And by working together on complex challenges, like postponing sterling settlements and substituting key services.

One of the most important things we do, which so many of you have worked on, is sector exercising. SIMEX and our technical exercises are how we sharpen our response and prepare. Through these we are continuously building our understanding, and sharing what we learn. And we’re looking forward to our next comms exercise on the third of October, and SIMEX again next year.

Through work like this and sharing our learning, day by day, we are getting better at facing down big, strategic threats. Threats that we simply could not tackle alone.

Today’s conference is all about collaboration and collective learning. It’s a day of events and discussions to ensure that as the threats to the financial sector evolve, so does our understanding and, our solutions. We have here today the leading experts across resilience, cyber, third parties and many other areas.

This morning, you will start with a panel chaired by Sarah Black, Financial Services and Operational Resilience Lead at Deloitte covering the key risks to the financial sector and the future of resilience. Then, you will hear from two panels to help you understand the financial sector’s exposure to power and telecoms, and the risks from emerging tech like quantum and AI.

Next, after lunch, you will hear from our keynote speaker, Deputy Governor for Prudential Regulation and CEO of the Prudential Regulation Authority, Sam Woods.

And after lunch we will discuss how we respond to the threats. Two panels, first on third-party risk management, and then on the vital role of collective action in building a resilient system. Finally, we will have John Taylor, External Member of the Prudential Regulation Committee of the PRA, giving some closing remarks. Then do stay for our drinks reception for an opportunity for us all to network and plan for the future.

Perhaps most important of all, today is about idea and information exchange. Genuine knowledge-sharing, not just between our panellists, but between all of you and your colleagues here and across the financial sector. Because we are determined that CMORG’s collective action on operational resilience won’t stop with the members of our group, but ripples across the financial sector for the benefit of all.

To that end, I’m delighted to announce that we will launching a new website for participants in CMORG, which will house guidance and all the work we do. Through its member portal, you will be able to access everything CMORG has done and is doing for industry.

So, thank you again for joining us today, and being part of this crucial conference. I hope you enjoy it and take full advantage of the learning and networking opportunities here.

I’ve seen operational resilience come so far since the days of that BACS outage in 2002. And I hope you will continue to work with us to take it further still. So that in a world of ever-more complex and growing threats, we can safeguard the financial sector – and its foundational role underpinning the daily life of every business, every community and every person.

Thank you.