FCA investigation into RBS crash last year not complete as new IT crisis hits

The Financial Conduct Authority (FCA) has yet to complete an investigation into a massive IT failure at the Royal Bank of Scotland last year

The Financial Conduct Authority (FCA) has yet to complete an investigation into a massive IT failure at the Royal Bank of Scotland in the summer of last year, but events have escalated after RBS suffered another IT blowout this week.

In the summer of 2012, the banks' customers were unable to access their accounts for days, as a result of a glitch in the CA7 batch process scheduler, which caused 12 million accounts to be frozen. Customers were left unable to access funds for a week or more as RBS, NatWest and the Ulster Bank manually updated the account balances.

In September 2012 the then Financial Services Authority (FSA) said RBS’s investigation into the trouble had not revealed the exact cause. “While the firm has put in place its own independent review, we have informed RBS that we will require a separate full review by an independent skilled person to establish what went wrong and why,” said an FSA spokesman at the time.

In April the FSA’s successor, the FCA, released a statement, saying it had “started to conduct an enforcement investigation into the IT failures at RBS, which affected the bank’s customers in June and July 2012. The FCA will reach its conclusions in due course and will decide whether or not enforcement action should follow that investigation.” A spokesperson told Computer Weekly that April’s update is the current stance.

This week, problems with IT systems at the RBS stopped customers making online and card payments on the busiest shopping day of the year. The cause of the problem that affected customers of RBS, NatWest and Ulster Bank has not yet been identified.

RBS also had problems in March 2013 when it experienced further disruptions as ATM, online and telephone banking services were hit by IT problems.

Banks are racing into the digital age. They are developing customer-facing applications to meet demand for online and mobile services. At the same time they are cutting costs, including reducing IT staff, and are preoccupied with regulatory compliance.

One senior banking IT executive said RBS is not alone in facing major IT challenges: “The RBS IT glitch this week could be the thin end of a wedge.”

“I have seen pressure on IT spending get much more intense over the last few years along with more offshore and outsource activity. I think the financial services industry is increasing risk of these types of problems. They will of course try to disguise the root cause to avoid accusations of cost cutting but I see RBS has now admitted 'decades of under investment in IT'. Their Bankline system is a good example. I used it for about a year and it was offline for fixes a day or two every week, and when it was available it ran like a lame dog.”

He said others banks might not have been as hard hit as RBS yet but that they are on the same trajectory.

A major problem is the continuous reliance on legacy mainframe systems which underpin the banking sector. Banks use middleware to connect these to new applications. The complexity of IT therefore increases and there are more points of failure. Due to the reductions in IT staff and the reliance on old systems there are fewer and fewer people that understand the systems.

There is no plan to fix the fundamental root cause

Jean-Louis Bravard, Burnt-Oak Partners

“There is a lot of Cobol and PL1 out there, written in the 1970s, for example. Nobody knows how to deal with it these days as the experts have retired. The complexity and interconnectivity overall is concerning, not just in a firm but across firms and globally,” said the senior IT executive in the banking sector.

“Retail banks rely on obsolete legacy IT surrounded by an ever-increasing plethora of newer systems to give consumers the impression that the banking systems are fit for purpose in our internet and smartphone world,” said Jean-Louis Bravard, director at Burnt-Oak Partners and former JP Morgan CIO. 

He said the FCA investigation is pointless because everyone already knows what the problems are they just don’t want to do anything about it.

“This is just wallpapering and throwing excuses. There is no real plan to fix the fundamental root cause,” he said, referring to the fact that the IT that banks rely on was built in the 1960s.

Bravard asked if IT is so important to banks, "Why are there no IT people on the boards?"

Another IT professional at a bank said there is a disconnect between management and IT departments at banks. “Technical teams may not even try to raise risks to management as they know it is pointless. There will be a lot of personal effort and pain, no budget available, other priorities, lack of understanding from above, blame coming into the tech teams for letting the risk arise and so on. Net result, culture and process of a firm prevents these risks getting aired and addressed. The result is inevitable.”

He said the problems have been brewing over the last five years.

Read more on IT outsourcing