City firms warned on disaster recovery plans

Financial firms in the City of London risk being brought down by a terrorist attack or natural disaster because too many critical business functions and back-up sites are located close by within the capital.

The warning comes from the Financial Services Authority (FSA) following a resilience benchmarking project involving 60 of the UK's most significant firms and financial infrastructure providers.

The FSA said those businesses who represent the core of the UK's financial system have "highly resilient" IT systems and that they could recover critical functions rapidly following major operational disruption but warned there are several areas that need improvement.

Firms have been warned there is a "significant geographical concentration" of critical business functions and back-up sites in and around London that could be affected by a major incident and the FSA also expressed concern at the "high degree of reliance" on financial infrastructure providers, key telecoms providers and disaster recovery organisations.

Businesses have also been advised to move towards "more rounded" business continuity principles and address staffing issues as part of their plans. More than half of those who took part in the FSA's benchmarking survey currently have no plans for dealing with staff fatalities while others have not tested the feasibility of getting staff to alternative back-up sites.

The survey also highlighted lax security in some financial firms despite the high state of alert following the terrorist attacks in July with one in three respondents admitting they do not conduct background checks on new workers.

Hector Sants, managing director of the FSA's wholesale firms division, admitted improvements need to be made but said in the report: "It is encouraging that the project has established that the core parts of the financial system appear to have highly resilient IT systems that allow them to recover critical functions with impressive speed."

London's financial sector also undertook a simulated disaster recovery exercise in November to test preparedness for terrorist attacks, natural disasters or major infrastructure damage.

More than 1,000 people and 80 UK organisations took part in the test, which included simulations of car bomb attacks and casualties. KPMG is due to produce a report on the effectiveness of the disaster recovery planning early next year.