Co-ordinating the response to disruption of financial services

The response to any major operational disruption in UK financial services is co-ordinated by the Authorities’ Response Framework.

What is the Authorities' Response Framework?

The Authorities' Response Framework is a formal way for UK financial authorities to co-ordinate with each other. It is used when there is an incident or threat that could cause a major disruption to financial services.

The three financial authorities (the Authorities) are:

  • The Bank of England (the Bank), including the Prudential Regulation Authority (PRA)
  • The Financial Conduct Authority (FCA)
  • His Majesty’s Treasury (HMT)
The framework is jointly owned, governed and supported by senior representation from all three authorities. The framework enables the authorities to work together to respond to an incident, whilst ensuring they consider any impacts to their own statutory objectives. All three authorities have a role to play in maintaining the ARF. In particular, HMT as Lead Government Department for the finance sector own the framework; and the Bank of England has a delegated responsibility to maintain the framework to ensure it remains fit for purpose.

Why do we need the Authorities’ Response Framework?

The finance sector is made up of many different types of firms (such as banks, building societies, insurers) and financial market infrastructure providers (FMIs). They rely on each other in order to provide important business services to the UK. Usually, links between these firms/FMIs work well, but sometimes things can go wrong.

When things go wrong, important business services may be disrupted. Responsibility for responding to disruption sits with firms/FMIs themselves. They will have their own methods and plans in order to react and ensure the continuity of those services.

But, because firms/FMIs rely upon one another, disruption in one part of the sector can spread to another part. It can also spread beyond the finance sector to other sectors in the UK. The Authorities have a crucial role in reducing the effects of this and ensuring stable functioning of the system. This is managed through the Authorities’ Response Framework.

How does the Authorities’ Response Framework work with other organisations?

The Authorities’ Response Framework enables the Authorities to engage and communicate with each other to respond to operational disruption in the sector. It can also be used to respond to incidents in other sectors that may indirectly affect the finance sector.

If there is a cyber incident, the Authorities’ Response Framework will include the National Cyber Security Centre (NCSC) to support the response. They are the UK’s National Technical Authority for cyber security. The Framework also allows the Authorities to engage with other organisations and government bodies as needed.

Where required, it can also link to government structures like the Cabinet Office Briefing Room (COBR). As the Lead Government Department for the finance sector, HMT will lead any cross-government coordination.

What are the Authorities’ Response Framework members’ responsibilities?

As noted previously in all incidents, the Authorities are responsible for supporting firms’ and FMIs’ response to incidents, in a way that aligns to the Authorities’  (HMT, Bank, FCA) statutory objectives.

In cyber incidents only, the NCSC is responsible for supporting firms’ and FMIs’ technical response. They can provide advice, guidance or intelligence insights to organisations.

How is the Authorities’ Response Framework used?

Resilience specialists at the Authorities form a group to activate and run the Framework. This group:

  • engages with regulated firms and FMIs
  • assesses financial impacts
  • agrees communications

Subject matter experts are involved when their expertise is needed.

In the most severe cases, senior officials can be brought together to direct the Authorities’ response. These Seniors include the Second Permanent Secretary from HMT, Deputy Governors from the Bank/PRA and members of the Executive Committee from the FCA.

The Framework also enables the Authorities to engage with international partners, such as other finance ministries, central banks and regulators.

When is the Authorities’ Response Framework used?

The Framework can be invoked for any operational incident that affects, or has the potential to affect, the finance sector.

These incidents can have an impact on the Authorities’ objectives. The Framework can also be invoked for other reasons where cross-authority coordination is needed.

In all incidents that required the Authorities’ Response Framework, a Lead Financial Authority is agreed based on the impact to statutory objectives.

The Authorities’ Response Framework operates at three levels. These are:

  • “Monitor” – The situation needs cross-Authority coordination and monitoring.
  • “Engage” – The situation has worsened and needs active engagement with firms. Data gathering, relief actions and wider communications may be needed.
  • “Escalate" – The authorities Seniors are needed to coordinate strategic action.

The Authorities’ Response Framework is regularly reviewed by the accountable executives and exercised by the resilience teams in the authorities. Lessons learned from incidents are used for future improvement.

This page was last updated 05 April 2024