RBS to be fined tens of millions for IT failure

The Royal Bank of Scotland is set to be given a record fine for an IT failure following two years of investigation

Royal Bank of Scotland (RBS) is set to be given a record fine by the industry regulator for an IT failure that locked customers out of their bank accounts.

The large fine is seen by many as an ineffective means of making banks upgrade outdated legacy IT systems, which were at the root of the problem.

Following a Financial Conduct Authority (FCA) investigation the bank is expected to be fined tens of millions of pounds by the regulator, according to Sky News.

The bank has already set aside £175m to reimburse customers who lost money as a result of being unable to access their accounts in the summer of 2012. 

Many customers were locked out of their accounts for days as a result of a glitch in the CA-7 batch process scheduler, which caused 12 million accounts to be frozen. Customers were left unable to access funds for a week or more as RBS, NatWest and the Ulster Bank manually updated the account balances.

In April 2013, the FCA released a statement saying it had started to conduct an enforcement investigation into the IT failures at RBS. "The FCA will reach its conclusions in due course and will decide whether or not enforcement action should follow that investigation,” it said.

In 2013, RBS CEO Ross McEwan said the failure of systems was unacceptable and blamed years of underinvestment in IT for the issues. 

"For decades, RBS failed to invest properly in its systems. We need to put our customers' needs at the centre of all we do. It will take time, but we are investing heavily in building IT systems our customers can rely on," he said.

However, the question remains whether a heavy fine will improve IT or just take away money from 2015's IT budget.

Ovum financial services analyst Rik Turner said it might be better to hit the bonuses paid to bankers as a punishment, because fining a taxpayer-owned bank is just moving money around.

“The regulator has no choice but to make an example of RBS,” he said.

Meanwhile, IT outsourcing consultant and former CIO at JP Morgan Jean Louis Bravard said fines do not get to the root of the problem. 

“This is more of a PR stunt. The FCA has not drilled down to look at the IT that banks use. It needs to do an IT stress test,” he said.

In March 2014, the FCA, along with the Prudential Regulation Authority (PRA) and Bank of England, said it will review how finance firms manage their exposure to IT risks.

It also said it will look at how engaged boards at banks are with the issue of IT resilience and if they have the expertise needed to challenge the IT decisions taken by the executive responsible.

At the time, FCA director of supervision Clive Adamson said IT is critical to customers for accessing and managing funds.

“We want to make sure that the banks have resilient IT systems in place that are able to cope with consumer demand, so customers aren’t left financially stranded or disadvantaged,” he said.

Read more on IT for financial services