Counting the cost of IT failure

News that RBS is being fined £56m for its 2012 outage shows robust IT is now a regulatory and a business requirement


Inside the enterprise: Banks, telcos and healthcare providers are just some of the UK's businesses that face ever tighter regulation.

Naturally, we expect providers where lives are at stake, in healthcare but also water, energy and transport, to be regulated.

But companies whose goods and services we all depend on, including utilities and other "critical national infrastructure (CNI)" providers, are also facing greater regulatory and government scrutiny. And that scrutiny is extending to how they operate their IT.

Regulators have a responsibility to ensure safe products, whether they are trains, pharmaceuticals, or energy supplies. And they have a responsibility to ensure competition.

But increasingly they are also focusing on ensuring the safe and reliable operation of the services they supervise. And that is extending beyond the utilities and healthcare, the core of conventional CNI, to industries such as telecoms and banks.

This is the background to the news that regulators are fining RBS Group a total of £56 million for an IT failure back in 2012. Banking regulators have made the headlines regularly over the last few years for fining banks for their conduct: payment protection insurance and foreign exchange rigging being just two examples. RBS itself was recently fined £217 million for manipulating exchange rates.

Fines for IT failures are rarer, but they could become more common as regulators take a tougher line on failures that put consumers at a disadvantage. The fines for RBS Group, which runs NatWest and Ulster Bank, stem from a failed software upgrade that locked customers out of their accounts.

The fines consist of two penalties: £42 million from the Financial Conduct Authority, and a further £14 million from the Bank of England's Prudential Regulation Authority.

RBS Group has already admitted it has IT issues, and the failure in 2012 was not the only one. The banking group also suffered outages at the end of 2013, and the company's CEO blamed under-investment in technology for the problems.

It is possible the bank will face further regulatory sanctions as a result of this and for another outage in March 2013, which locked the bank's customers out of cash machines. Certainly, RBS has had to make provisions, above and beyond the regulators' fines, for compensation: it set aside £125m to cover the 2012 incident alone.

RBS Group's problems should serve as a lesson, both to companies operating critical infrastructure and to those in regulated industries. Regulators are not going to stand by while services fail and customers are disadvantaged. And blaming computer systems is no excuse.

The FCA's announcement of its sanctions against RBS Group makes for interesting reading.

The regulator found that the "underlying cause" of RBS' problems was "the Banks' failure to put in place adequate systems and controls to identify and manage their exposure to IT risks", and that these went deeper than the software failure alone that caused the glitch.

RBS, the FCA found, failed to properly understand IT risk and apply risk management policies, as well as to build in enough resilience to ensure the bank could continue to operate in the event of a problem.

There is an old saying: "fail to prepare: prepare to fail". Even without regulatory fines, it is cheaper to have contingency plans than to face the consequences of IT failure.

Stephen Pritchard is a contributing editor at IT Pro.
