A secret payment made to Royal Bank of Scotland (RBS) by software supplier CA Technologies has fuelled controversy over the investigation into the IT failure that hit RBS customers in June 2012 and highlights a lack of transparency in an industry critical to the UK economy.
Following a ₤56m fine from regulators the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA), as well as significant compensation paid to customers, it was revealed that RBS received millions of pounds from the company that provided it with the CA-7 batch processing software that went wrong. However, CA Technologies' part in the episode remains unclear, as the two companies have signed a non-disclosure agreement (NDA).
In 2012 customers of RBS, NatWest and Ulster bank were locked out of their accounts for days, as a result of a glitch in the CA-7 batch process scheduler, which froze 12 million accounts. Customers were left unable to access funds for a week or more as RBS, NatWest and Ulster Bank manually updated account balances.
CIOs and other IT decision-makers say they could benefit from understanding the details of the IT glitch that caused problems for the many customers of the publicly owned bank. Sources cite a mistake made by an IT worker in India, when upgrading the technology, as the cause. The Financial Conduct Authority (FCA) said: "The underlying cause of the IT incident was the failure of the banks to meet their obligations to have adequate systems and controls to identify and manage their exposure to IT risks," but has offered no more specific explanation of CA Technologies' role.
Read more about banking IT
CA Technologies' payment to RBS
Settlements out of court are cheaper and keep problems out of the public eye, but in so doing prevent other organisations from avoiding similar problems.
Paul Hinton, commercial technology partner at law firm Kemp Little, said these types of payments are common between suppliers and customers with long-term relationships. “It is cheaper for them to settle out of court and it keeps their problems out of the public view," he said.
"But this is no good for transparency, so others can’t learn from the problem and it is more likely to happen again.”
CA Technologies' secret payment to RBS is thought to amount to millions of pounds.
Rik Turner, financial services analyst at Ovum, said NDAs have been around for a long time. “Suppliers have imposed them on customers for years and, in the finance sector, companies have imposed them on their suppliers to stop competitors finding out what IT they are using.”
But he said in this case it would be helpful to know what CA Technologies’ part in the failure was. “This payment raises a big question mark over what went wrong.”
Lack of transparency in finance sector
Turner said the regulator could try to force the companies to reveal details of the agreement, but the organisation would be likely to end up in court.
One legal expert said that, although it would be "morally and ethically right to publish the details of the agreement, it is unlikely in the commercial sector".
“Although we are talking about a public entity in RBS, it is not a government department and I do not think freedom of information applies," he said.
“I don’t think there is a good argument about who was to blame and why it should be made public.”
Jean-Louis Bravard, outsourcing consultant and former CIO at JP Morgan, said part of the problem is that people tolerate a lack of transparency in the finance sector. “It would clearly be beneficial if the details of the problem were made public,” he said.
Bravard said he believed the bank employees involved in the foreign exchange rigging scandal should be named. “We know it has happened but we don’t know who did it, which is another example of the opaqueness in financial services.”