24 November 2014
IT failures at RBS, Natwest and Ulster bank are the cause of the latest round of banking fines levied in the UK.
The Prudential Regulation Authority (PRA) has fined the three banks a total of £14 million for inadequate systems and controls which led to a serious IT incident in 2012, while the Financial Conduct Authority (FCA) has fined the banks a total of £42 million for the same incident.
Over the course of the affected period of time, customers were unable to use online banking facilities to access their accounts or obtain accurate account balances from ATMs; customers were unable to make timely mortgage payments; customers were left without cash in foreign countries; the Banks applied incorrect credit and debit interest to customers’ accounts and produced inaccurate bank statements; and some organisations were unable to meet their payroll commitments or finalise their audited accounts.
The IT failure affected over 6.5 million customers in the UK over a period of several weeks. Both regulatory bodies found that a software compatibility problem was the underlying cause of the banks’ failure to put adequate measures in place.
According to the PRA, the IT incident could have threatened the safety and soundness of the banks and could have, in extreme circumstances, had adverse effects on the stability of the financial system in that it interfered with the provision of the banks’ core banking functions, impacted third parties and risked disrupting the clearing system.
Tracey McDermott, director of enforcement and financial crime at the FCA said: ‘Modern banking depends on effective, reliable and resilient IT systems.
‘The problems arose due to failures at many levels within the RBS Group to identify and manage the risks which can flow from disruptive IT incidents and the result was that RBS customers were left exposed to these risks. We expect all firms to focus on how they ensure that they can meet the requirements of their customers when looking at their IT strategies and policies.’
However, the FCA added that the incident was not the result of the banks’ failure to make a sufficient investment in its IT infrastructure. Allegedly, the RBS Group spends over £1 billion annually to maintain IT infrastructure.
The FCA also stated its acknowledgement that since the IT Incident the banks have taken significant steps to address the failings in their IT systems and controls.
The banks agreed to settle at an early stage of the investigation and therefore qualified for a 30% Stage 1 discount with both regulators.