Rogers have experienced two major outages over the last 18 months.

When a few of us signed up for internet in the 90’s it was fun, exciting and cutting edge. The idea that I could bypass the middleman and gain access to information directly was breathtaking. During the mid 90’s we were able to sign into our bank, see our accounts and pay bills. This was during a time that Tellers and ATM’s defined Bank access for customers. I was with BMO and part of the transition building online banking and leading the shift.

Shift from simple access to regulated access

Somewhere along the way over the subsequent 20 years, as usage grew from a few percent to almost 100% and more and moe government services relied on internet access including CRA, the realisation of the need for regulatory oversight grew.

This included quality and risk (OSFI), crime prevention, credit standards and personal data (Fintrac, Provincial bodies) and the broad category of security and protection.

A theme developed reflecting the tension between easy access and a desire for safety. People resisted government involvement and sought access to everything including finances, health data and drivers licenses. Information workers sought simple access to their work information and companies required information protection.

Parallels between bank and internet regulation

There are areas of similarity between bank regulation which required quality, redundancy and uptime, security and data management. This is not all inclusive but intended to be representative.

• Backup:
  
  • large banks are required to maintain backup sites which are distant enough from primary location to withstand catastrophic events.
  • operational planning and capacity to operate the bank with no reliance upon the normal Head Office.
• Quality:
  
  • defined and tested audit standards with regulator visit frequency based on the demonstrated quality of operation.
  • covers various risk elements; balance sheet risk, operational processes and their impacts on risk.
• Data:
  
  • management and security
    
    • secure storage, access, redundancy multi factor authentication.
  • data management and access in context of applicable regulatory regimes
  • cloud operations in context of all the foregoing which Banks must adhere to.

Conclusions

Banks are managed by sets of regulatory regimes which are designed to satisfy risk to customers, impact on the country’s financial stability and maintenance of a balance between safety and comfort of Canadians that maintains confidence in the day to day financial operation of the country.

There is amply room to use this model for management of internet and internet access without needing the Government to take over technology management.