Irish regulator stings bank over RBS IT failings

RBS-owned Ulster Bank has been fined €3.5m by the Irish financial services regulator in relation to the IT problems experienced in the summer of 2012

Ulster Bank – owned by the Royal Bank of Scotland (RBS) – has been fined €3.5m by the Irish financial services regulator in relation to the IT problems experienced in the summer of 2012, following reports UK regulators will punish RBS with a fine of tens of millions of pounds for the same incident.

Approximately 600,000 customers could not access bank accounts for more than about a month in June and July 2012 when a glitch in the RBS CA-7 batch process scheduler froze 12 million accounts.

Central Bank of Ireland director of enforcement Derville Rowland said the IT problems were unacceptable. 

“The summer of 2012 saw an unprecedented disruption to banking services as a result of a failure that occurred on the IT system Ulster Bank Ireland Limited used to process daily banking transactions," he said. 

"The IT failure caused significant and unacceptable inconvenience to affected customers trying to carry out their everyday financial transactions.”

Recent reports suggested the UK finance sector regulator, the Financial Conduct Authority (FCA), is expected to fine the Royal Bank of Scotland (RBS) tens of millions of pounds following the major IT problem.

Because the Ulster Bank fine is separate to the RBS punishment it sends a warning to banks outsourcing particular functions and business processes to third parties. The fact RBS systems host the Ulster Bank operations was no defence.

“While the Central Bank recognises IT outsourcing is a feature of modern banking business, it is no defence for regulatory failings,” said a Central Bank of Ireland statement.

“Ultimate accountability for compliance remains with firms and they must ensure they maintain oversight of outsourced activities. 

"Senior management must ensure risks associated with outsourced activities are appropriately managed and must be aware outsourcing arrangements can never result in the delegation of their responsibility to manage the risks associated with such activities.”

The regulator added: “The obligations imposed upon firms and management applies equally to situations where activity is outsourced on an intra-group basis or to a third party. 

"Where firms and their management fail to ensure robust governance arrangements are in place for in-house and outsourced IT systems, they should expect vigorous investigation and follow-up by the Central Bank, and for the Central Bank to exercise its powers, including sanctioning powers where appropriate.”

The incessant digitisation of banking services and the need for banks to spend money on front-office IT might drive more companies to outsource particular functions. The Ulster Bank fine is a warning to ensure outsourcing partners have the right IT and processes in place.

Read more on IT for financial services