Find out more about the progress we have made in improving our IT resilience since 2012 (PDF144)
Question: What has been announced today (20/11/2014)?
- We have reached agreement with the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) in the United Kingdom for failings relating to the June 2012 IT incident.
- We accept the FCA and PRA’s findings in full, and have agreed to the fines of £42m and £14m, bringing to a close the regulatory investigation. This follows the completion of the Central Bank of Ireland (CBI) investigation into Ulster Bank Ireland Limited and the fine of €3.5m which was announced on 12 November 2014.
- For further information on the announcement see RBS.com
Question: What happened during the incident / what caused it?
- The IT incident in June 2012 happened because of a software upgrade failure in the overnight processing system used by the bank.
- This resulted in serious disruption across the bank impacting our customers for an unacceptable period of time.
- The inconvenience that this caused went to the heart of the trust our customers have in us and we are clear that they should never have to experience this again.
Question: How do you know this won’t happen again?
Answer: We have used the findings from an independent review to guide the work we are doing to improve the resilience and stability of our IT systems.
We are investing £750m over a three-year period, as part of our £2bn annual investment in IT, to create safer, more secure and more resilient foundations for the bank's systems.
Since 2012, across the bank, we have:
- Reduced the complexity of our overnight batch processing system, introducing separate systems for RBS, NatWest, Ulster Bank Northern Ireland and Ulster Bank Republic of Ireland. This significantly reduces the risk of an incident in one brand impacting the others.
- Made a number of changes to strengthen our risk and internal audit functions, with a simplified structure and clearer responsibilities across the bank.
- Mapped at a detailed level, the services that are critical to our customers during any outage, helping us understand fully the processes, people, buildings and technology they depend on.
- Established a mirror bank so that in the event of a service outage we can still process transactions while we recover our systems.
- Upgraded and improved the supporting infrastructure around our international payments system.
- Upgraded the infrastructure that supports our mobile banking service improving the stability, capacity and availability of this service for customers. Over three million customers regularly use our mobile app, and it now supports around four million logons and 750,000 payments each day.
Question: How did the bank look after customers who were affected by the incident?
- We took immediate action to provide redress to customers affected by the IT incident to make sure they weren’t left out of pocket.
- We have paid approximately £70.3m in redress to UK customers, £23m to Ulster Bank customers in Northern Ireland and £460,000 to non-customers in the UK.
- We have also updated all policies and contingency plans used during major incidents, including a bank-wide incident initiation checklist for redress, a vulnerable customers' policy and a library of key findings.
Question: What can I do if I’ve been left out of pocket by the incident in June 2012?
Answer: If you have any further queries, please contact the bank through the usual channels. Visit your local branch, call us, or speak to your Business or Private Manager
- NatWest: 03457 888 444 (Minicom 0800 404 6161)
- RBS: 03457 24 24 24 (Minicom 0800 404 6160)
- Ulster Bank: 0345 742 4365