RBS Mainframe Meltdown: A year on, the fallout is still coming

When the totally brand new kit comes on ... what do you think will happen?

Providing a secure and efficient Helpdesk

Regulator pass the parcel

The former Financial Services Authority (FSA) chairman Lord Adair Turner told Tyrie of the Treasury Select Committee that he wanted a full independent review to establish what had gone wrong at RBS and to “provide an assessment of the consequences and the subsequent management of the IT failure.

“On receipt of the independent review, we will consider whether further regulator action is required,” Turner wrote to Tyrie.

The FSA no longer exists, and its responsibilities have passed to the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA) with the job of digging to the bottom of what really happened at RBS falling to the FCA. In April the FCA said it had started to conduct an enforcement investigation into the crisis.

“The FCA will reach its conclusions in due course and decide whether or not enforcement action should follow that investigation,” the body said in a statement.

Should the FSC’s investigation throw up anything more than a one-off systems failure, then there’s every chance the fallout from RBS could settle on other banks, too.

There are three possible outcomes from the FCA’s investigation: it might takes no further action, it could fine RBS, or it may propose regulation that would be enforced by the PRA. The latter would happen if the RBS crash was caused by failures in the technology, risk management, disaster recovery outsourcing present inside other banks and lenders.

Since RBS went titsup there have been at least two more outages attributed to IT problems: up to 22 million customers of Lloyds Banking Group - which includes Halifax and the Bank of Scotland - were unable to use cash machines, debit cards or connect to their accounts via the web in October 2012. Up to 2.4 million customers of Co-op Bank were also blocked from accounts. And it doesn’t just happen in the UK: technical issues in December 2011 took out ATMs, retail points of sale and telephone banking systems for Commonwealth Bank Australia.

Chris Skinner, chairman of banking and financial services networking group the FSClub, tells The Reg:

“The problem is that most financial institutions are hamstrung by their heritage – the mainframe,” Skinner says. “We are seeing more outages because technology’s part in banking and finance is becoming more common.”

Skinner has spoken out on banks running IT systems that he says are no longer fit for purpose. Most problems are relatively small – resulting in outages of just a few hours as in the case of Lloyds and Co-op – and are often down to upgrades to the old systems that aren’t applied properly.

But there’s a growing awareness of a need to overhaul IT to avoid becoming the next RBS and – also – to dodge regulation. “Banks are under pressure to keep up with the speed of technology change,” Skinner said. “Every bank I know has been through a core system replacement or is undergoing one.”

If regulation is mandated then don’t expect a quick fix. Unlike, say, the nuclear or airline industries, where accidents have led to investigations that have produced operation and safety standards, similar standards in financial systems will be difficult because of a fundamental refusal to share information.

Financial services is a competitive sector while IT systems are varied and valued, so it’s unlikely companies will volunteer the kinds performance data, risk assessment or outage information that will be considered needed to help regulators impose standards or force change. They will fear ceding competitive advantage should they reveal what they’re running and where they are exposed.

Dave Cliff, a contributor to last year’s Government Office for Science report on the Future of Computer Trading in Financial Markets, told us policy makers are already several steps behind the markets because there’s not enough raw data to inform their decisions.

Cliff was talking about financial markets’ increasing reliance on High-Frequency Trading (HFT) - a system of trading dependent on algorithms that execute at millisecond speeds. It is suspected that HFT has been responsible for exaggerating wild market swings, and it certainly led to the downfall of Knight Capital Group in August 2012. Knight lost more than $450m after a trading algorithm it had used bought and sold shares at the wrong prices before it was noticed or could be stopped. Knight was sold to Getco as a result of the crippling loss. But when it comes to HFT, the hedge funds and traders who write and employ them don’t like to disclose their algorithms or the special systems running them.

That might just be HFT, but retail banks are equally coy.

“Something that’s a major systemic issue when we talked about what happened at Knight Capital and RBS is we are just recycling stories we heard over coffee or in a bar,” Cliff told The Reg. “That’s the difference between companies in banking and other advanced areas where computer technology creates risks and where you have advanced legislation.

“If an accident occurs - like a plane crash - there is a very detailed inquiry where all the participants are required by law to disclose all the information the investigators want.”

A year on, RBS has committed millions of pounds on a new mainframe and disaster recovery to avoid a repeat of last year’s disaster but new hardware alone will be insufficient if the bank has not changed the people, software or the processes that saw millions of customers locked out of their accounts.

And, with regulators only just warming up and unlikely to get the information they need to force a meaningful or deep change, we should expect more account outages thanks to our banks' faulty computers. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story


Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.