Counting the cost of IT failure

News RBS is being fined £56m for its 2012 outage shows robust IT is now a regulatory & a business requirement


Inside the enterprise: Banks, telecos and healthcare providers are just some of the UK's businesses that face ever tighter regulation.

Naturally, we expect providers where lives are at stake in healthcare, but also water and energy, and transport to be regulated.

But companies whose goods and services we all depend on including utilities and other "critical national infrastructure (CNI)" providers are also facing greater regulatory and government scrutiny. And that scrutiny is extending to how they operate their IT.

Regulators have a responsibility to ensure safe products, whether they are trains, pharmaceuticals, or energy supplies. And they have a responsibility to ensure competition.

Advertisement - Article continues below
Advertisement - Article continues below

But increasingly they are also focusing on ensuring the safe and reliable operation of the services they supervise. And that is extending beyond the utilities and healthcare, the core of conventional CNI, to industries such as telecoms and banks.

This,, is the background to the news that regulators are fining RBS Group a total of 56 million, for an IT failure back in 2012. Banking regulators have made the headlines regularly over the last few years for fining banks for their conduct: payment protection insurance, and foreign exchange rigging being just two examples. RBS itself was recently fined 217 million for manipulating exchange rates.

Fines for IT failures are rarer, but they could become more common, as regulators take a tougher line on failures that put consumers at a disadvantage. The RBS Group which runs NatWest and Ulster Bank fines stem from a failed software upgrade that locked customers out of their accounts.

The fines consist of two penalties: 42 million from the Financial Conduct Authority, and a further 14 million from the Bank of England's Prudential Regulation Authority.

RBS Group has already admitted it has IT issues and the failure in 2012 was not the only one. The banking group also suffered outages at the end of 2013, and the company's CEO blamed under-investment in technology for the problems.

It is possible the bank will face further regulatory sanctions as a result of this and for another outage in March 2013, which locked the bank's customers out of cash machines. Certainly, RBS has had to make provisions, above and beyond the regulators' fines, for compensation: it set aside 125m to cover the 2012 incident alone.

Advertisement - Article continues below

RBS Group's problems should serve as a lesson, both to companies operating critical infrastructure and in regulated industries. Regulators are not going to stand by while services fail and customers are disadvantaged. And blaming computer systems is no excuse.

The FCA's announcement of its sanctions against RBS Group make for interesting reading.

The regulator found that the "underlying cause" of RBS' problems was "the Banks' failure to put in place adequate systems and controls to identify and manage their exposure to IT risks", and that these went deeper than the software failure alone that caused the glitch.

RBS, the FCA found, failed to properly understand IT risk and apply risk management policies, as well as to build in enough resilience to ensure the bank could continue to operate in the event of a problem.

Advertisement - Article continues below

There is an old saying: "fail to prepare: prepare to fail". Even without regulatory fines, it is cheaper to have contingency plans than face the consequences of IT failure.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020