The fine is the first time the conduct and prudential ‘twin peaks’ regulators created following the bifurcation of the Financial Services Authority have taken joint enforcement action. It also marks the first ever fine issued by the PRA.
In a statement the FCA states it took the action against the banks relating to the detriment suffered by 6.5m bank customers, 92 per cent of which were retail customers, who were left without access to their accounts for several weeks in June 2012.
In a separate statement the PRA said it had taken action because “properly functioning IT risk management systems and controls are an integral part of a firm’s safety and soundness”.
The actual cause of the IT incident was a software compatibility problem, according to the FCA, which said this reflected the banks’ failure to put in place adequate systems and controls to “identify and manage their exposure to such risks”.
On 17 June 2012 the banks’ group centralised Technology Services IT unit upgraded the software that processes updates to customers’ accounts. When it noticed problems with the upgrade it decided to uninstall, without realising the the upgraded software was not compatible with the previous version.
Problems lasted for RBS until 26 June, for Ulster Bank until 12 July, and for some customers even longer.
Over the course of that period customers could not use online banking facilities to access their accounts or obtain accurate account balances from ATMs; were unable to make mortgage payments; were left without cash in foreign countries; had incorrect credit and debit interest applied accounts.
In addition, some business customers were unable to meet their payroll commitments or finalise audited accounts.
RBS was earlier fined £14.5m by the FCA in the summer after a regulatory review found only 2 of 164 mortgage sales examined met required standards, including through failure to assess whether customers could actually afford the mortgages recommended.
The bank also last month escaped major fines from the European Commission over interest rate ‘cartels’ after it was granted ‘immunity’ for providing information on other banks involved in manipulating prices.
Banks including Swiss group UBS, US giant JP Morgan and French group Crédit Suisse were fined a combined €94m (£74m) after it was found they had operated illegal “cartels” influencing the prices of Swiss franc denominated interest rate derivatives and benchmarks in two separate cases.
Commenting on the IT fines, Tracey McDermott, director of enforcement and financial crime at the FCA, said that the problems arose due to failures at many levels within the RBS Group to identify and manage the risks which can flow from disruptive incidents.
“We expect all firms to focus on how they ensure that they can meet the requirements of their customers when looking at their IT strategies and policies.”
RBS spends more than £1bn annually to maintain IT infrastructure. The FCA acknowledges that since the incident the banks have taken significant steps to address the failings in their IT systems and controls.
Philip Hampton, chairman of RBS, said: “Our IT failure in the summer of 2012 revealed unacceptable weaknesses in our systems and caused significant stress for many of our customers.
“As I did back then, I again want to apologise to all customers in the UK and Ireland that we let down two and a half years ago.
He added: “I am confident that the progress we have made - in increasing the resilience of our IT systems through the additional investment of hundreds of millions of pounds and the enhancement of our control structures - has made RBS better able to provide the service our customers expect and deserve.”
emma.hughes@ft.com
Additional reporting by Ashley Wassall
