The Prudential Regulation Authority (PRA) is today fining Royal Bank of Scotland Plc (RBS), National Westminster Bank Plc (Natwest) and Ulster Bank Ltd (Ulster Bank) £14 million for inadequate systems and controls which led to a serious IT incident in 2012. This is the first financial penalty the PRA has imposed since it came into being in April 2013. The Financial Conduct Authority (FCA) has separately fined the banks for the same incident.
In April 2013, the PRA and FCA announced that they would investigate the RBS, Natwest and Ulster Bank IT incident which led to widespread disruption to customers and the financial system. A joint investigation was considered necessary because the incident impacted upon the objectives of both the PRA and the FCA.
The IT incident, which began on 18 June 2012, directly affected at least 6.5 million customers in the United Kingdom, 92% of whom were retail customers. The IT incident had the potential to have an adverse effect on the safety and soundness of RBS, Natwest and Ulster Bank as it impacted upon:
- the ability of the banks’ retail customers to access their accounts;
- the ability of the banks’ commercial customers to access their internet banking service, preventing them from accessing their accounts or making payments;
- customers of other institutions who were unable to receive payments from the banks’ affected customers; and
- the ability of the banks to fully participate in clearing. An efficient clearing system is fundamental to the efficient operation of the financial markets.