The UK financial regulator has fined Royal Bank of Scotland – parent of private bank Coutts - National Westminster Bank and Ulster Bank a total of £42 million ($65.7 million) for IT failures in June 2012 and prevented more than 6.5 million clients from using services such as ATMs. Another regulator imposed a £14 million fine.

The UK financial regulator has fined Royal Bank of Scotland – parent of private bank Coutts - National Westminster Bank and Ulster Bank a total of £42 million ($65.7 million) for IT failures which took place in June 2012 and prevented more than 6.5 million clients from using services such as ATMs or pay their mortgages.  
Separately, the Prudential Regulation Authority, which supervises banks in terms of preventing risks to the financial system, also fined the banks a total of £14 million.

“The FCA has taken this action against the banks for failing to put in place resilient IT systems which could withstand, or minimise the risk of, IT failures,” the Financial Conduct Authority said in a statement today.

The regulator said the IT incident was caused by a software compatibility problem: the underlying cause being the banks’ failure to put in place adequate systems and controls to identify and manage their exposure to IT risks.

The IT failure affected clients in the UK for several weeks, preventing people from withdrawing or depositing money, making timely mortgage payments or getting cash when abroad. Other problems included how banks applied incorrect credit and debit interest to customers’ accounts and produced inaccurate bank statements; and some organisations were unable to meet their payroll commitments or finalise their audited accounts.

“Modern banking depends on effective, reliable and resilient IT systems.  The banks' failures meant millions of customers were unable to carry out the banking transactions which keep businesses and people's everyday lives moving,” Tracey McDermott, director of enforcement and financial crime at the FCA, said.

On 17 June 2012 Technology Services (the Banks’ group centralised IT function) upgraded the software that processed updates to customers’ accounts overnight.  When it noticed problems with the upgrade it decided to uninstall it without first testing the consequences of that action.  Technology Services did not realise, however, that the upgraded software was not compatible with the previous version. This caused the IT incident that disrupted customers’ ability to use banking facilities on 20 June 2012, the FCA statement said.  

“The incident was not the result of the banks’ failure to make a sufficient investment in its IT infrastructure.  The RBS Group spends over £1 billion annually to maintain IT infrastructure. The FCA acknowledges that since the IT Incident the Banks have taken significant steps to address the failings in their IT systems and controls,” the statement continued.

Today’s fine is the first time the FCA and the Prudential Regulation Authority have taken joint enforcement action. 

The banks agreed to settle at an early stage of the investigation and therefore qualified for a 30 per cent Stage 1 discount.