RBS fined £56m over IT crash that left millions of customers stranded

 

Royal Bank of Scotland has been told by regulators to pay £56m in fines for an IT meltdown that affected 1 in 10 of the population, and locked a small number of people out of their accounts for weeks.

The bank has already shelled out just over £70m in compensation to customers of RBS, NatWest and Ulster bank – all part of the same group – working out at under £11 per person.

Although not all the 6.5 million affected customers suffered financial loss as a result of the computer failure in 2012, so did not require compensation, millions did suffer as a result of being unable to carry out banking transactions. Some were unable to make mortgage payments on time, some were left without cash in foreign countries. Incorrect credit and debit interest was applied to accounts, producing inaccurate bank statements. Some organisations were unable to meet payroll commitments or even to finalise their audited accounts.

The fine would have been £80m had the 80 per cent taxpayer-owned bank not accepted the Financial Conduct Authority’s charges and agreed to settle early. A fine of £42m was levied by the FCA, with a further £14m from the Prudential Regulation Authority (PRA). It is their first joint action.

RBS has since said it is ploughing £750m into upgrading its IT, but Tracey McDermott, head of enforcement at the FCA, said: “The banks’ failures meant millions of customers were unable to carry out the transactions which keep businesses and people’s everyday lives moving. The problems arose due to failures at many levels within the RBS group to identify and manage the risks which can flow from disruptive IT incidents.”

Up to 635 systems at RBS were hit by the meltdown, caused by a software upgrade that was uninstalled when problems occurred – without thought being given to the consequences.

Sir Philip Hampton, chairman of RBS, issued yet another apology to customers, saying: “Our IT failure in the summer of 2012 revealed unacceptable weaknesses in our systems and caused significant stress for many of our customers.”

Andrew Bailey, Deputy Governor of the Bank of England and head of the PRA, talked of “a very poor legacy of IT resilience and inadequate management of IT risks”.

He said: “It is crucial that RBS, NatWest and Ulster bank fix the underlying problems that have been identified to avoid threatening the safety and soundness of the banks.”

The FCA and the PRA have since written to the chairmen of all the big UK banks asking them to ensure that their IT systems’ risk management is solid and that boards have formally assessed this.

The FCA has told banks to make sure such events do not affect customers in the future. It said the IT failure was down to weaknesses in RBS’s controls of IT risk.

RBS was fined £2.7m by the central Irish bank last week for the failures at Ulster bank. It has set aside £125m to cover compensation and fines.

Dan Hooper, director of Piccadilly Group, which specialises in testing banking systems, said: “Poor controls and inadequate software testing of systems play a major factor in the rise of failures. Trying to engineer out such an error is incredibly complicated, which is why prevention, rather than cure, should be the focus among the banks.”

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in