UK banks and other financial services firms have been given three months to explain how they can avoid damaging IT breakdowns and respond to the growing threat of cyber attacks.
With technology-related disruption on the rise in the sector, the Bank of England and the Financial Conduct Authority have told financial services firms to report back by 5 October on their exposure to risks and how they would respond to outages.
The vulnerability of the banking system to technology failures has been highlighted recently by the inability of customers of bank TSB to access their online accounts and problems at payments firm Visa.
Financial firms such as banks and insurers will have to demonstrate to regulators that they have a plan for when crucial systems such as online banking or payment services are disrupted, either by systems failure or deliberate attack.
The regulators suggested two days as an acceptable limit for disruption to a business service in one scenario spelt out in a consultation paper published today.
Some customers of TSB bank were still unable to access online banking services over a month after its first outage in April, which followed a botched systems upgrade.
A BoE official said in June that banks and other financial firms will be set targets for recovering from cyber attacks and other disruptions to key services.
Regulators could, if firms fail to demonstrate adequate back-up plans, require them to take actions such as bolstering capital levels or investing in making their systems more resilient.
The FCA and the BoE emphasised that responsibility for ensuring the resilience of financial firms sat with senior management, who will be held accountable in the event of prolonged disruption.
The consultation will seek views of customers of financial services firms as well as from banks, insurers and other firms.