Counting the cost of IT failure

News RBS is being fined £56m for its 2012 outage shows robust IT is now a regulatory & a business requirement


Inside the enterprise: Banks, telecos and healthcare providers are just some of the UK's businesses that face ever tighter regulation.

Naturally, we expect providers where lives are at stake in healthcare, but also water and energy, and transport to be regulated.

But companies whose goods and services we all depend on including utilities and other "critical national infrastructure (CNI)" providers are also facing greater regulatory and government scrutiny. And that scrutiny is extending to how they operate their IT.

Advertisement - Article continues below

Regulators have a responsibility to ensure safe products, whether they are trains, pharmaceuticals, or energy supplies. And they have a responsibility to ensure competition.

But increasingly they are also focusing on ensuring the safe and reliable operation of the services they supervise. And that is extending beyond the utilities and healthcare, the core of conventional CNI, to industries such as telecoms and banks.

This,, is the background to the news that regulators are fining RBS Group a total of 56 million, for an IT failure back in 2012. Banking regulators have made the headlines regularly over the last few years for fining banks for their conduct: payment protection insurance, and foreign exchange rigging being just two examples. RBS itself was recently fined 217 million for manipulating exchange rates.

Advertisement - Article continues below

Fines for IT failures are rarer, but they could become more common, as regulators take a tougher line on failures that put consumers at a disadvantage. The RBS Group which runs NatWest and Ulster Bank fines stem from a failed software upgrade that locked customers out of their accounts.

Advertisement - Article continues below

The fines consist of two penalties: 42 million from the Financial Conduct Authority, and a further 14 million from the Bank of England's Prudential Regulation Authority.

RBS Group has already admitted it has IT issues and the failure in 2012 was not the only one. The banking group also suffered outages at the end of 2013, and the company's CEO blamed under-investment in technology for the problems.

It is possible the bank will face further regulatory sanctions as a result of this and for another outage in March 2013, which locked the bank's customers out of cash machines. Certainly, RBS has had to make provisions, above and beyond the regulators' fines, for compensation: it set aside 125m to cover the 2012 incident alone.

RBS Group's problems should serve as a lesson, both to companies operating critical infrastructure and in regulated industries. Regulators are not going to stand by while services fail and customers are disadvantaged. And blaming computer systems is no excuse.

Advertisement - Article continues below

The FCA's announcement of its sanctions against RBS Group make for interesting reading.

The regulator found that the "underlying cause" of RBS' problems was "the Banks' failure to put in place adequate systems and controls to identify and manage their exposure to IT risks", and that these went deeper than the software failure alone that caused the glitch.

RBS, the FCA found, failed to properly understand IT risk and apply risk management policies, as well as to build in enough resilience to ensure the bank could continue to operate in the event of a problem.

There is an old saying: "fail to prepare: prepare to fail". Even without regulatory fines, it is cheaper to have contingency plans than face the consequences of IT failure.

Stephen Pritchard is a contributing editor at IT Pro.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020
Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020