Banks must review IT systems after RBS chaos

The UK banking sector has been told to review its IT infrastructure after the Treasury Committee chairman warned that the RBS computer glitch could have spread to other networks.

Treasury Committee chairman Andrew Tyrie MP said that “every bank should be checking its IT systems”, in response to the IT glitch which caused widespread disruption for RBS, Ulster Bank, and Natwest in June.

“We need to have confidence that such a failure cannot happen again,” Tyrie said, claiming that public confidence in the banking sector had been knocked as a result.

Millions were affected by the software patch upgrade that caused banking computer systems to fail, leading to widespread service disruption.  RBS has earmarked £125 million for compensation. Last week, Ulster Bank, also affected by the computer failure, offered £20 compensation to its customers, each.

Tyrie warned that the problems threatened to infect other banks in the sector.

However, Tyrie also praised RBS chief exec Stephen Hester for his immediate response to the chaos caused by the software glitch.

“Mr Hester took swift action to remedy the failure; he also took full responsibility on behalf of RBS,” Tyrie said. “He did the right thing.”

Hester has previously claimed that IT outsourcing was not the cause of the software upgrade failure, following 30,000 job cuts and an increased reliance on shipping work elsewhere.  

In letters published by the Treasury Committee today, Financial Services Authority chairman Lord Turner stated that an investigation would begin into the computer failure at RBS, as well as an internal investigation by the bank itself.

Lord Turner also warned that similar disruption to account access in future could cause a “potential drain on liquidity through customers removing their deposits”.

According to reports by the Financial Times, the FSA has now written to  the chairmen of major high street banks, requesting specific details of their attempts to ensure software glitches would not critically hit systems in the future.

The FSA has also requested the names of senior managers accountable for IT systems, and has requested that bank bosses identify any potential problem areas in infrastructure.

A spokesperson for HSBC confirmed to TechEye that it had plans in place to review its critical IT systems, and will respond to the FSA’s requests.

Santander told TechEye that it has received the RSA letter, and is regularly checking its systems, though there are no immediate plans to do more wide-ranging IT checks.

Lloyds and Barclays have not replied to requests for comment at this time.

However Michael Allen, Director of IT Service Management at enterprise software provider Compuware said that such checks are “vital”:

“It is critically important, from a customer service, business productivity and security perspective that banking systems are performing at optimal levels at all times,” Allen said, speaking with TechEye.

“With this in mind, conducting thorough reviews of IT systems is vital,” he said.

He continued: “The problems RBS/NatWest demonstrates the severe impact IT disruptions can have on a bank.”

Allen warns that there is always a chance that similar problems to the RBS computer failure could arise again as IT complexity grows.

“This will always be a danger that such issues can occur,” Allen said, adding that IT systems have become vastly more complex.

“Delivering an e-banking service could be reliant on 20 different IT systems,” he said. “Even if a small change is made to one of these systems, it can cause major problems for the whole banking service. With this in mind, finding the root cause of a problem is something banks struggle with, because of the complexity of the IT systems.”

In addition, many banks rely on custom apps and systems that have been in existence for a very long time.

“If banks continue to use legacy systems, create updates and integrate more and more systems into their IT environments, then there is always going to be a chance that this can go wrong,” he said.

So, what should be done to prevent further problems? Allen thinks that banks need to take a look at how they can get live deep dive diagnostics, so they can get to the root of problems much quicker when they occur.

“Performance should be at front of thought, rather than a problem they look at afterwards so conducting continual reviews and gaining a thorough understanding of the components of their IT applications will be vital in helping to spot potential problems before they occur,” he said.

“They need to start taking a more agile and proactive tactic to performance monitoring, rather than a reactive, ‘fire fighting’ approach to performance problems,” Allen said.