Royal Bank of Scotland has been fined £56 million for IT failures in 2012 that led to a complete breakdown in its payment processes.
The bank was fined by £14 million by the Prudential Regulation Authority along with Natwest and Ulster Bank, along with a further £42 million by the Financial Conduct Authority. A joint investigation of the banks was considered necessary because the incident impacted upon the objectives of both the PRA and the FCA.
The 2012 systems failure across the three banks, caused by a malfunctioning technology upgrade, left 6.5m customers without access to their accounts and resulted in a backlog of 100m unprocessed payments within only a few days.
The incident in June 2012 directly affected at least 6.5m customers in the UK, 92 per cent of whom were retail clients.
The IT incident had the potential to have an adverse effect on the safety and soundness of RBS, Natwest and Ulster Bank, the PRA said, as it impacted upon the ability of retail and commercial banking customers to access their accounts, prevented customers of other banks to receive payments from Natwest, RBS and Ulster Bank customers. It also prevented the banks from fully participating in clearing, when an efficient clearing system is fundamental to the efficient operation of the financial markets, the regulation authority added.
Disruption to the majority of RBS and Natwest systems lasted until 26 June 2012, and Ulster Bank systems until 10 July 2012. Disruptions to other systems continued into July 2012.
Ultimately, the cause of the IT incident was the failure of the banks to have the proper controls in place to identify and manage exposure to the IT risks within their business.
“The severe disruption experienced by RBS, Natwest and Ulster Bank in June and July 2012 revealed a very poor legacy of IT resilience and inadequate management of IT risks,” said Andrew Bailey, deputy Bank of England governor and chief executive of the PRA.
“It is crucial that RBS, Natwest and Ulster Bank fix the underlying problems that have been identified to avoid threatening the safety and soundness of the banks,” he added.
Banking IT systems are struggling with the influx of activity due to the growth in online banking and introduction of banking apps, as customers demand more frequent access to their accounts. Technology consultants say the problems stem from most banks’ IT systems having been built 30 years ago with new systems “bolted on” to existing ones, resulting in hugely complex IT networks, the Financial Times noted.
Trust in high street banks is at a low after groups of FX traders were caught manipulating foreign exchange rates for personal gain. Last week, RBS was fined £400m by the FCA and the Commodity Futures Trading Commission, a US regulator, for failings in internal controls that allowed this to happen.
Despite the data protection regulation being implemented in 2018, 69% of IT decision makers don’t have the backing of their board to achieve GDPR compliance, according to Calligo.
The majority of the region’s 28 member states report that the situation has worsened over the past year, reports business management consultant Verisk Maplecroft.
Regulators in the UK, the US and Hong Kong instituted proceedings against more than 1,700 individuals last year, or four times the number of cases brought against companies.
The US Commodity Futures Trading Commission approved LedgerX as the first regulated clearing house for derivatives contracts settling in digital currencies.