RBS fined £56m over IT failures

The taxpayer-funded group, which includes NatWest and Ulster Bank, has already paid more than £70 million in redress to UK customers as a result of the crash, which it has blamed on “unacceptable weaknesses” in its systems.

The Financial Conduct Authority, which has fined RBS £42 million, said the IT failure affected 6.5 million customers. The Bank of England’s Prudential Regulation Authority has issued a separate penalty of £14 million in relation to the bank’s inadequate systems.

Over the course of several weeks, some customers could not use online banking facilities or obtain accurate account balances from ATMs.

They were also unable to make mortgage payments on time and customers were left without cash in foreign countries. Among other problems, the banks applied incorrect credit and debit interest to customers’ accounts and produced inaccurate bank statements.

The issues in June 2012 stemmed from a botched upgrade to the software that processed updates to customers’ accounts overnight.

When it noticed problems with the upgrade the FCA said the bank’s central IT function decided to uninstall it without first testing the consequences of that action.

Tracey McDermott, the FCA’s director of enforcement and financial crime, said there were “failures at many levels” to identify and manage the risks stemming from such an incident.

She added: “Modern banking depends on effective, reliable and resilient IT systems. The banks’ failures meant millions of customers were unable to carry out the banking transactions which keep businesses and people’s everyday lives moving.”

The failures have already resulted in RBS’s Ulster Bank receiving a record fine of almost £2.75 million from the Central Bank of Ireland.

RBS chairman Sir Philip Hampton said: “Our IT failure in the summer of 2012 revealed unacceptable weaknesses in our systems and caused significant stress for many of our customers.

“As I did back then, I again want to apologise to all customers in the UK and Ireland that we let down two and a half years ago.”

Sir Philip said the bank has since spent hundreds of millions of pounds on increasing the resilience of its IT systems.

RBS said 16 staff forfeited pay and bonuses worth around £6 million as a result of the incident, including the previously disclosed decision by former RBS chief executive Stephen Hester and Ulster Bank boss Jim Brown to waive any bonus that might have been awarded to them in 2012.

It is the first penalty imposed by the PRA since it was formed in April 2013.

The regulator said the incident began on June 18 and directly affected at least 6.5 million customers in the UK, 92% of whom were retail customers.

Disruption to the majority of RBS and NatWest systems lasted until June 26 and in the case of Ulster Bank systems until July 10. Disruptions to other systems continued into July.

The regulator said the IT incident could have threatened the safety and soundness of the banks and also had the potential to impact on the stability of the wider financial system.

Bank of England deputy governor Andrew Bailey said: “The severe disruption experienced by RBS, NatWest and Ulster Bank in June and July 2012 revealed a very poor legacy of IT resilience and inadequate management of IT risks.

“It is crucial that RBS, Natwest and Ulster Bank fix the underlying problems that have been identified to avoid threatening the safety and soundness of the banks.”

Which? executive director Richard Lloyd said the Treasury should spend the fines on improving financial education for young people, so that the next generation of consumers are better equipped to hold banks to account.

He added: “With record low levels of confidence in banking, regulators must continue to take tougher action to ensure the basics of customer service are improved, access to essential bank services is maintained in every community, and full compensation given to anyone affected by failings.”