Royal Bank of Scotland Group fined £56 million for 2012 IT disaster
Both financial regulators have levied fines following investigation into system failure that affected millions.
The two financial regulators have jointly fined the Royal Bank of Scotland (RBS) Group – which comprises Royal Bank of Scotland, NatWest and Ulster Bank – a total of £56 million for IT failures in 2012.
The Financial Conduct Authority (FCA), which regulates financial firms, fined the banking giant £42 million for “failing to put in place resilient IT systems which could withstand, or minimise the risk of, IT failures”.
The Prudential Regulation Authority (PRA), which is responsible for policing financial markets, fined the group £14 million for “inadequate systems and controls which led to a serious IT incident in 2012”.
This is the first time the two regulators have taken joint action.
What happened?
The IT incident referred to began on 18th June 2012 and continued until 26th June for RBS and NatWest, and wasn’t fixed for Ulster Bank customers until 10th July.
During that time, customers couldn’t access their account information at cashpoints or online, so were unable to check balances or make payments. This meant automatic bill payments weren’t made and people were forced to go into branches, which extended their opening hours, to withdraw cash.
There were also horror stories of house purchases not completing because money from RBS Group accounts was not transferred. And the banks incorrectly applied interest to many people’s accounts, meaning their statements were wrong.
In total, over 6.5 million customers were affected.
It also affected businesses, who couldn’t finish monthly payrolls or audit accounts. And the banks were also unable to process payment as part of the wider industry clearing system, which is why the PRA has been involved as well as the FCA.
What the investigation found
The investigation found that a software upgrade was installed on 17th June 2012. When it became apparent there were problems with the upgrade, it was uninstalled but this led to a system failure as the upgrade was not compatible with the previous version of the software.
Tracey McDermott, Director of enforcement and financial crime at the FCA, said: “Modern banking depends on effective, reliable and resilient IT systems. The Banks' failures meant millions of customers were unable to carry out the banking transactions which keep businesses and people's everyday lives moving.
“The problems arose due to failures at many levels within the RBS Group to identify and manage the risks which can flow from disruptive IT incidents and the result was that RBS customers were left exposed to these risks. We expect all firms to focus on how they ensure that they can meet the requirements of their customers when looking at their IT strategies and policies.”
Andrew Bailey, Deputy Governor of prudential regulation at the Bank of England and CEO of the PRA, said: “The severe disruption experienced by RBS, Natwest and Ulster Bank in June and July 2012 revealed a very poor legacy of IT resilience and inadequate management of IT risks. It is crucial that RBS, Natwest and Ulster Bank fix the underlying problems that have been identified to avoid threatening the safety and soundness of the banks.”
Discounted fine
The RBS Group agreed to pay the fines at an early stage of the investigation and therefore qualified for a 30% discount in both instances.
The FCA acknowledged that the banks have “taken significant steps to address the failings in their IT systems and controls”.
The FCA and PRA are currently assessing how well other banks are preparing for IT risks.
Were you affected by the IT problems? Do you think the fines are right? Let us know in the Comments section below.
More on banking:
Clydesdale and Yorkshire Banks launch £150 current account switching incentive
More banks join Paym mobile payment service
Comments
Be the first to comment
Do you want to comment on this article? You need to be signed in for this feature