Watchdog's guide could cost firms £1m

Large UK financial services firms face a £1m IT bill to comply with new disaster recovery guidelines being drawn up by industry watchdog the Financial Services Authority (FSA).

The FSA has issued a draft handbook, Operational Risk Systems and Controls, and warns that up to 40 per cent of the 11,500 organisations it regulates have no backup plans in the event of a major disaster or terrorist attack.

The guidelines, which are due to come into effect in 2004, mean that major financial services companies could have to pay over £1m for the necessary software, with an annual bill of £600,000 to remain compliant.

"Depending on the features of a software programme and its level of sophistication, a very large and complex firm could spend £1m or more on installing specialised software," states the handbook.

For small and medium-sized organisations, however, the bill is likely to be less than £250,000.

Although the warnings come in the run-up to the first anniversary of the terrorist attacks in the US, it is the failure of increasingly automated IT systems and the security hazards of e-commerce which are cited as the most important threats to business continuity.

The handbook says that companies should clearly document their business continuity strategy and reporting structure for IT operations and, where necessary, use technology to ensure the security of information.

Compliance with international security standard ISO17799 is recommended and outsourced backup arrangements should be re-evaluated.

"A firm that outsources its backup provision to a provider that offers shared backup site facilities may not have guaranteed access to this site if someone else is using it," the guidelines state.

The handbook is now open for public consultation until October, with the final version to be issued next year.

The FSA itself has this week unveiled changes to its own disaster recovery plans, with a new emergency backup site at an undisclosed location.

The centre has a separate IT system and communications links that allow the FSA to maintain contact with 35 strategic financial institutions including the London Stock Exchange.

"It is important we get it right since London is a major financial centre and any interruption to business here would have an impact globally," said Michael Foot, managing director at the FSA.