RBS already under investigation over computer failures

The Financial Conduct Authority (FCA) launched an enforcement investigation in April 2013 over a massive computer error last year when millions of customers were unable to access their accounts for hours, days and in some cases weeks.

On Monday, an estimated 750,000 RBS, NatWest and Ulster Bank customers faced hours of misery on “Cyber Monday”, predicted to be one of the busiest shopping days of the year, due to an IT failure which meant they could not withdraw cash or make payments using debit cards.

Customers complained that they were forced to leave petrol forecourts without paying, had to leave shopping trolleys of food in supermarkets, and found money missing from their bank accounts.

The latest episode was doubly embarrassing for RBS. By Tuesday morning, Ross McEwan, the chief executive officer of RBS, said: “Last night’s systems failure was unacceptable. Yesterday was a busy shopping day and far too many of our customers were let down, unable to make purchases and withdraw cash.”

He said that the problem was compounded by decades of underinvestment in its systems. “We know we have to do better,” he added.

“I will be outlining plans in the new year for making RBS the bank that our customers and the UK need it to be. This will include an outline of where we intend to invest for the future.”

No cyber attack

However, critics have argued that the bank should have been more aware of potential risks to its systems, given months and months of investigation and contact with the regulator over its IT failures.

After the problems emerged last year, the Financial Services Authority, the FCA’s predecessor, began looking into RBS’s computer systems.

It then decided it wanted to take further action and investigate whether RBS had broken any rules with its IT failures, leading to the launch of the enforcement investigation earlier this year.

The investigation is ongoing. However, the bank is likely to face some form of punishment if it concludes that it has breached any rules over its computer failures.

The FCA has said that it is now working with RBS over the latest problems, though whether these will form part of its investigation remains unclear.

RBS has ruled out a cyber attack as a cause of last night’s problems.

Susan Allen, the director of customer solutions at RBS, also said that investigations suggested it was “completely unrelated” to a high volume of usage on “Cyber Monday” – when shoppers were expected to flock to online retailers for Christmas shopping.

We’re very sorry for our system issues last night. We’ll make sure that no customer is left out of pocket as a result.

— RBS Help (@RBS_Help) December 3, 2013

Been on hold to RBS for 20 minutes cos I’m supposedly £350 overdrawn in my account after last night. I… http://t.co/5dNEy6j4tp

— Ryan Millward (@OldManMillward) December 3, 2013

Analysts suggested that the problem might be software-related. David Sprott, chief executive officer of the international division of Everware-CBDI, which specialises in computer systems modernisation for large companies, said that such problems occurred in banks because they had been building weak systems upon shaky foundations for years.

He said: “I think the problem is that modernisation itself is seen as a risk. They think it’s like invasive surgery. Doctors don’t introduce surgery when a patient is extremely ill.

“The same would apply to heavily complex computer systems. The ability to make changes then gets diminished and the cost of making that change in a low risk way is higher.”

He said that it was unlikely to be a hardware issue, but said “software systems are a point of maximum risk”.

‘Staff cuts’

Unite, the trade union, which represents RBS staff, said problems with systems at the bank had been made worse by staff and cost cuts.

Dominic Hook, the national officer, said: “It is unacceptable that the bank’s customers are once again facing inconvenience. Unite has grave concerns that staffing challenges are exacerbating the problems facing the bank.”

Spending on IT at the bank has been raised to £2bn a year in recent years. In May, RBS said that it will spend £450m upgrading its IT structures after last year’s fiasco.

RBS, which has more than 15 million personal customers across the three brands, has said it will compensate customers left out of pocket.

Last year, it put aside £175m to compensate customers affected by those problems.

The Bank of England warned last month that poor information technology systems used by financial institutions could harm financial stability, with banks losing out due to cyber attacks.

“Cyber attack has continued to threaten to disrupt the financial system,” its report added. “In the past six months, several UK banks and financial market infrastructures have experienced cyber attacks, some of which have disrupted services.”