Regulators fine RBS £56m for major IT failures
The FCA and Prudential Regulation Authority have today jointly fined Royal Bank of Scotland Plc (including NatWest and Ulster Bank) a total of £56m for IT failures in June 2012 which prevented the banks' customers from accessing banking services for several weeks.
The FCA says it has fined the part-nationalised RBS group £42m for failing to put in place resilient IT systems which could "withstand, or minimise the risk of, IT failures." The PRA, levying its first fine, has fined the bank £14m for the failings. The total fines amount to £56m.
The cause of the IT incident was a software compatibility problem with the underlying cause being the banks' failure to put in place adequate systems and controls to identify and manage their exposure to IT risks, says the FCA.
The IT failure affected over 6.5 million customers in the United Kingdom for several weeks. Over the course of that period customers could not use online banking facilities to access their accounts or obtain accurate account balances from ATMs. It also affected mortgage payments, oveseas transactions and credit and debit interest. Some organisations were unable to meet their payroll commitments or finalise their audited accounts.
{desktop}{/desktop}{mobile}{/mobile}
Tracey McDermott, director of enforcement and financial crime at the FCA said:"Modern banking depends on effective, reliable and resilient IT systems. The banks' failures meant millions of customers were unable to carry out the banking transactions which keep businesses and people's everyday lives moving.
"The problems arose due to failures at many levels within the RBS Group to identify and manage the risks which can flow from disruptive IT incidents and the result was that RBS customers were left exposed to these risks. We expect all firms to focus on how they ensure that they can meet the requirements of their customers when looking at their IT strategies and policies."
The FCA found that the banks' did not have adequate systems and controls to identify and manage their exposure to IT risks. Today's fine is the first time the FCA and the Prudential Regulation Authority (PRA) have taken joint enforcement action.
Andrew Bailey, Deputy Governor, Prudential Regulation, Bank of England and CEO of the PRA said: "The severe disruption experienced by RBS, Natwest and Ulster Bank in June and July 2012 revealed a very poor legacy of IT resilience and inadequate management of IT risks. It is crucial that RBS, Natwest and Ulster Bank fix the underlying problems that have been identified to avoid threatening the safety and soundness of the banks."