Question to the HM Treasury:

To ask Her Majesty's Government what statutory reporting systems banks in the UK are subject to in respect of money stolen from customer accounts through hacking.

Under the Financial Services and Markets Act 2000, both the Bank of England and the Financial Conduct Authority have powers that require regulated firms to report to them when that firm suffers operational disruption from a cyber attack.

Under the European Banking Authority’s Payment Services Directive 2 regulation, firms are also required to report operational or security disruption of payments services to the Financial Conduct Authority.