RBS has agreed a penalty of £42m with the FCA and £14m with the PRA. Both these payments are covered by provisions already made by RBS.
Philip Hampton, Chairman of RBS, said:
“Our IT failure in the summer of 2012 revealed unacceptable weaknesses in our systems and caused significant stress for many of our customers. As I did back then, I again want to apologise to all customers in the UK and Ireland that we let down two and a half years ago.
“I am confident that the progress we have made – in increasing the resilience of our I.T. systems through the additional investment of hundreds of millions of pounds and the enhancement of our control structures - has made RBS better able to provide the service our customers expect and deserve. I am also pleased that the regulator acknowledged the steps we took at the time to provide redress to anyone who had lost out as a result of our mistakes.”
Simon McNamara, RBS Chief Administrative Officer, said:
“When I first arrived at RBS in 2013, my number one priority was to ensure that any investment in I.T. was targeted in the right areas. As a result, by the end of 2015 we will have invested an additional £750m in enhancing the security and resilience of our IT systems.
A lot has changed and much has been achieved already. Our systems are currently available to customers over 99.9% of the time. By any measure, this is some achievement. But, given the impact that any incident has on our customers, I want to do better.”
The FCA and PRA note that RBS has paid £70.3m in redress to UK customers and £460,000 to individuals and firms who were not customers.
RBS has also today fulfilled its commitment to publish its own key findings in relation to the incident. These can be accessed here (PDF144KB).
Investment and improvement in I.T.
In 2013, RBS announced an increased investment of £750m for a three year period, over and above its annual I.T. spend, to enhance the security and resilience of its I.T. systems.
On the specific point of failure in 2012, the batch processing system, significant changes have been made. Since March 2014, RBS has put in place four dedicated and separate batch schedulers for NatWest, RBS, Ulster Bank NI and Ulster Bank ROI, significantly reducing the likelihood of a single scheduler incident impacting more than one brand. Following separation the batch scheduler runs twice as fast as previously, processing around 20 million transactions across four brands per day. 20,000 changes have been made to improve and strengthen the batch environment and reduce the likelihood of future incidents.
Other key areas of improvement are:
- A mirror bank – This mirrors the bank’s systems and data for key customer services so that should a system outage occur, RBS can still process customer transactions while we recover our systems.
- Core International payments – RBS has upgraded and improved the supporting infrastructure around its international payments system.
- Mobile banking – RBS has made the infrastructure that supports its mobile banking app more secure and, thanks to the recent investment, RBS has doubled its capacity for growth in the future. In addition, when things do go wrong, RBS can now recover much more quickly, minimising inconvenience for its customers.
As previously disclosed, on 12 November 2014, the Central Bank of Ireland announced that it had fined Ulster Bank Ireland Limited EUR 3.5 million in relation to the incident of June 2012.
A full accountability review was carried out following the incident. This covered 64 individuals with remuneration adjustments (including voluntary waivers of 2012 bonus awards and reductions of outstanding unvested awards) applicable to 16 individuals. In addition, we applied an 18% reduction in the bonuses for 2012 for Technology Services (the Department then responsible for running I.T.). In total the above actions on pay total c.£6 million. This includes the previously disclosed decision by the then RBS CEO, Stephen Hester and Jim Brown, CEO of Ulster Bank to waive any bonus that might otherwise have been awarded to them in respect of 2012.
Read the RBS Incident Summary Report (PDF70KB) for further information.
The detailed findings of the regulatory investigations are published on the FCA's and Bank of England websites.