Royal Bank of Scotland IT Failure
On June 19 2012, The Royal Bank of Scotland underwent a software update. The new system, CA-7 Software, was to control the payment processes for the bank. The system collapsed shortly after. Initial reports on the collapse indicated that some staff members had corrupted the system (Moore, 2017). Account holders could not withdraw their cash and they were unable to see their account balances. To that extent, some had to deal with fines and penalties for late payments yet they had money in their Royal Bank of Scotland accounts. The CEO of the bank attributed the failure to the system upgrade and the workers union cited failures by the management as the main cause of the collapse.
Due to the inconvenience caused by the failure, some account holders could not reach their homes and had to stay abroad because they could not access funds (Moore, 2017). The only reprieve was for customers who could access their funds over the counter. Later on July 3, the bank came out to admit that the system had also made double deduction on some personal loans. The customers had to review their account balances and report to the bank in the case of any discrepancies. To that extent, the Financial Conduct Authority had to investigate the incident to check for any discrepancies on the part the bank.
Investigation by the authority revealed that the risk management controls of the bank failed. Contrary to earlier perceptions that there was an inadequate investment in technology (Moore, 2017). In preparing for the launch of the system, the bank had made appropriate investments in the IT infrastructure. However, the system failed in the identification and the active management of IT risks (Berry, 2019). Additionally, it did not have the required testing controls. Investigations also revealed that the bank did not have an emergency to deal with an outage of such a scale. The lack of a backup plan indicates that the entity did not have mechanisms in place to protect the software against any form of attack.
A bank of the stature of Royal Bank of Scotland could have put in place adequate measures to protect against and anticipate any form of attack or failure. By the fact that there was no risk monitors and contingency plans revealed a huge failure on the part of the management. The challenges with the system began because the staff had run tests successfully on the new software but they did not do the same for the patched version that the bank implemented. When the system went live, an initial disruption prompted them to revert back to the previous version of the software. However, the older version was incompatible with the patch upgrade software. Consequently, batch-processing jobs were left unprocessed resulting in a backlog. The batch system also affected interdependence between systems.
References
Berry, M. (2019). The Banking Crisis: Content Studies. In The Media, the Public and the Great Financial Crisis (pp. 23-93). Palgrave Macmillan, Cham.
Moore, M. T. (2017). Redressing risk oversight failure in UK and US listed companies: lessons from the RBS and Citigroup litigation. European Business Organization Law Review, 18(4), 733-759.
