RBS fined £56m over 2012 IT failure

The Royal Bank of Scotland (RBS) has been fined 56 million by regulators for a 2012 IT glitch that stopped millions of customers from accessing their money.

The problems blighted customers of RBS, and those of its Natwest and Ulster Bank brands, for several weeks in June 2012, preventing them from accessing online banking services and receiving accurate account balance information via the firms' cash machines.

The issues arose due to failures at many levels within the RBS Group to identify and manage the risks which can flow from disruptive IT incidents.

Furthermore, other customers missed mortgage payments or had incorrect credit and debit interest applied to their accounts, while some businesses also reportedly missed their payroll commitments.

As a result, the company has now been jointly fined by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) to the tune of 56 million, with the bulk of the penalty (42 million) coming from the former party.

In the wake of the issues, RBS CEO Ross McEwan blamed the problems on "decades" of IT underinvestment, but in a statement today the FCA denied it was the root cause.

"The incident was not the result of the banks' failure to make a sufficient investment in its IT infrastructure. The RBS Group spends over 1 billion annually to maintain IT infrastructure," it said.

Instead, the regulator blamed a software compatibility problem brought about by the banking group's failure to implement "adequate systems and controls" to identify and manage IT risks.

When the banking group realised some newly-installed software was not working correctly, it opted to uninstall it, the FCA's investigation revealed, without first establishing what the impact of that decision would be.

Tracey McDermott, director of enforcement and financial crime at the FCA, added: "The problems arose due to failures at many levels within the RBS Group to identify and manage the risks which can flow from disruptive IT incidents and the result was that RBS customers were left exposed to these risks.

"We expect all firms to focus on how they ensure that they can meet the requirements of their customers when looking at their IT strategies and policies."

News first emerged earlier this month that the banking group could face a multi-million pound fine from the FCA for its IT failings, with earlier reports suggesting the sum could be cut should RBS pay up early.

In a further statement, RBS chairman Phillip Hampton said the firm had already made financial provisions to cover the cost of the joint fine.

"Our IT failure in the summer of 2012 revealed unacceptable weaknesses in our systems and caused significant stress for many of our customers. As I did back then, I again want to apologise to all customers in the UK and Ireland that we let down two and a half years ago," he said.

"I am confident that the progress we have made in increasing the resilience of our IT systems through the additional investment of hundreds of millions of pounds and the enhancement of our control structures - has made RBS better able to provide the service our customers expect and deserve.

"I am also pleased that the regulator acknowledged the steps we took at the time to provide redress to anyone who had lost out as a result of our mistakes," he added.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.