Another day and yet another bank has been fined for its business failings – but this time it isn’t due to wrongdoing in the financial markets or to a data breach.
RBS has been fined £42 million by the Financial Conduct Authority and £14 million by the Prudential Regulatory Authority (£56 million total/$88 million USD) after problems with a software upgrade left millions of RBS, Natwest and Ulster Bank customers unable to access their accounts.
The issue first emerged in June 2012 and to date RBS has set aside £125 million for compensation and costs related to this IT failure, on top of the £56 million fine.
The Financial Conduct Authority estimates that 6.5 million customers were affected by the issue. It affected 635 IT systems at the bank.
Could this IT failure and the subsequent fines and costs have been avoided?
The simple answer is yes. If RBS had used the ITIL® best practice framework and decided to adapt and adopt the correct processes (Release and Deployment Management comes to mind), this whole situation could have been avoided.
By using this process, RBS would have been able to ensure that any release would have been adequately designed and tested prior to release in to the live environment.
Admittedly, I have read that RBS does use ITIL best practice, but it hasn’t been stated to what extent they follow the guidance. With ITIL being a best-practice framework, you can adapt and adopt different parts of it as and how you see fit. If RBS had undertaken suitable release testing, however, I fail to see how it could have had such a major system failure, which leads me to believe they aren’t adhering the guidance in this area.
That leads me to conclude that the RBS case wasn’t a technology failure, but a process failure, and could have been avoided.