The Cost of (a) Failure

The news that the Royal Bank of Scotland is to be hit with £50m of fines after the failure of its computer systems in 2012 should act as a wake-up call to many organisations, financial services or otherwise.

The fines were prompted by the chaos caused when a problem with the bank’s IT system left millions of customers unable to access their accounts at RBS, NatWest and Ulster Bank. It took several days for RBS to correct the problem for customers at RBS and NatWest, and several weeks at Ulster Bank.
Last December, RBS suffered another systems outage on the busiest online shopping day of the year, the third time in about 18 months that such a problem had prevented customers from using cards, cash machines and online banking services.

Tracey McDermott, director of enforcement and financial crime at the FCA, said:

“Modern banking depends on effective, reliable and resilient IT systems. The problems arose due to failures at many levels to identify and manage the risks which can flow from disruptive IT incidents and the result was that customers were left exposed to these risks.”

This is not unique to RBS; other banks have also been hit by IT problems which have affected customer-facing services on a regular basis, prompting the FCA to announce earlier this year that it would tackle the robustness of banks’ IT systems as one of its priorities.

Of course, regulatory penalties are only one aspect; RBS has already made a provision in its accounts of £175m to reimburse customers who had suffered losses. There is also the reputational damage and loss of customer confidence (and business!) to consider.

So now is not the time for those on the sidelines and not directly involved to be smug or, worse, foolishly state “s%*t happens”, but rather to take steps to ensure that risks and IT management processes are assessed and corrective action is taken. Key steps to success are:

  • Education and awareness
  • Business impact assessment and strategic alignment with BCM
  • Assessment and analysis (both process and risk)
  • Prioritized improvement
  • Continuity planning and testing
  • Measurement
  • Continual improvement

In our experience, clients who build and operate integrated IT service management (ITSM) processes as part of their management system see a significant reduction in change-related incidents, system downtime and failed releases, resulting in stable platforms for business processing. Typical focus areas include:

  • IT Service Continuity Management (ITSCM)
  • Major Incident Management
  • Proactive Problem Management
  • Change Management
  • Release Management
  • Service Validation and Testing
  • Service Level Management

The objective has to be (hopefully) the prevention of failure, or at the very least the management of risks so that customers are protected and service is restored as soon as possible.
Fox IT will be contributing more on the topic of ITSCM early in 2015.

 

Neil Walker
Principal Consultant
Fox IT