RBS Mainframe Meltdown: A year on, the fallout is still coming

When the totally brand new kit comes on ... what do you think will happen?

The Essential Guide to IT Transformation

Regulator pass the parcel

The former Financial Services Authority (FSA) chairman Lord Adair Turner told Tyrie of the Treasury Select Committee that he wanted a full independent review to establish what had gone wrong at RBS and to “provide an assessment of the consequences and the subsequent management of the IT failure.

“On receipt of the independent review, we will consider whether further regulator action is required,” Turner wrote to Tyrie.

The FSA no longer exists, and its responsibilities have passed to the Financial Conduct Authority (FCA) and the Prudential Regulatory Authority (PRA) with the job of digging to the bottom of what really happened at RBS falling to the FCA. In April the FCA said it had started to conduct an enforcement investigation into the crisis.

“The FCA will reach its conclusions in due course and decide whether or not enforcement action should follow that investigation,” the body said in a statement.

Should the FSC’s investigation throw up anything more than a one-off systems failure, then there’s every chance the fallout from RBS could settle on other banks, too.

There are three possible outcomes from the FCA’s investigation: it might takes no further action, it could fine RBS, or it may propose regulation that would be enforced by the PRA. The latter would happen if the RBS crash was caused by failures in the technology, risk management, disaster recovery outsourcing present inside other banks and lenders.

Since RBS went titsup there have been at least two more outages attributed to IT problems: up to 22 million customers of Lloyds Banking Group - which includes Halifax and the Bank of Scotland - were unable to use cash machines, debit cards or connect to their accounts via the web in October 2012. Up to 2.4 million customers of Co-op Bank were also blocked from accounts. And it doesn’t just happen in the UK: technical issues in December 2011 took out ATMs, retail points of sale and telephone banking systems for Commonwealth Bank Australia.

Chris Skinner, chairman of banking and financial services networking group the FSClub, tells The Reg:

“The problem is that most financial institutions are hamstrung by their heritage – the mainframe,” Skinner says. “We are seeing more outages because technology’s part in banking and finance is becoming more common.”

Skinner has spoken out on banks running IT systems that he says are no longer fit for purpose. Most problems are relatively small – resulting in outages of just a few hours as in the case of Lloyds and Co-op – and are often down to upgrades to the old systems that aren’t applied properly.

But there’s a growing awareness of a need to overhaul IT to avoid becoming the next RBS and – also – to dodge regulation. “Banks are under pressure to keep up with the speed of technology change,” Skinner said. “Every bank I know has been through a core system replacement or is undergoing one.”

If regulation is mandated then don’t expect a quick fix. Unlike, say, the nuclear or airline industries, where accidents have led to investigations that have produced operation and safety standards, similar standards in financial systems will be difficult because of a fundamental refusal to share information.

Financial services is a competitive sector while IT systems are varied and valued, so it’s unlikely companies will volunteer the kinds performance data, risk assessment or outage information that will be considered needed to help regulators impose standards or force change. They will fear ceding competitive advantage should they reveal what they’re running and where they are exposed.

Dave Cliff, a contributor to last year’s Government Office for Science report on the Future of Computer Trading in Financial Markets, told us policy makers are already several steps behind the markets because there’s not enough raw data to inform their decisions.

Cliff was talking about financial markets’ increasing reliance on High-Frequency Trading (HFT) - a system of trading dependent on algorithms that execute at millisecond speeds. It is suspected that HFT has been responsible for exaggerating wild market swings, and it certainly led to the downfall of Knight Capital Group in August 2012. Knight lost more than $450m after a trading algorithm it had used bought and sold shares at the wrong prices before it was noticed or could be stopped. Knight was sold to Getco as a result of the crippling loss. But when it comes to HFT, the hedge funds and traders who write and employ them don’t like to disclose their algorithms or the special systems running them.

That might just be HFT, but retail banks are equally coy.

“Something that’s a major systemic issue when we talked about what happened at Knight Capital and RBS is we are just recycling stories we heard over coffee or in a bar,” Cliff told The Reg. “That’s the difference between companies in banking and other advanced areas where computer technology creates risks and where you have advanced legislation.

“If an accident occurs - like a plane crash - there is a very detailed inquiry where all the participants are required by law to disclose all the information the investigators want.”

A year on, RBS has committed millions of pounds on a new mainframe and disaster recovery to avoid a repeat of last year’s disaster but new hardware alone will be insufficient if the bank has not changed the people, software or the processes that saw millions of customers locked out of their accounts.

And, with regulators only just warming up and unlikely to get the information they need to force a meaningful or deep change, we should expect more account outages thanks to our banks' faulty computers. ®

Application security programs and practises

More from The Register

next story
Stick a 4K in them: Super high-res TVs are DONE
4,000 pixels is niche now... Don't say we didn't warn you
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
Philip K Dick 'Nazi alternate reality' story to be made into TV series
Amazon Studios, Ridley Scott firm to produce The Man in the High Castle
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
prev story


Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.