Northern Ireland

Ulster Bank IT fiasco results in record fine by Central Bank of Ireland

Ulster Bank Image copyright PA
Image caption The IT meltdown left around 600,000 customers unable to use their accounts for up to a month

It's June 2012 and an unprecedented IT fiasco is unfolding at Ulster Bank.

The IT meltdown left around 600,000 customers unable to use their accounts for up to a month.

Various senior managers are sent out in front of the cameras in a vain attempt to reassure customers they're on top of the problem.

An untrained observer may have concluded - 'these people don't know what they're talking about'.

Now it's official - they didn't know what they were talking about.

It's right there in the report from the Central Bank of Ireland.

It concludes that Ulster Bank "provided updates to customers regarding the timelines for resolution of the IT incident based on information provided to it".

However, these timelines were based on duff information, or as the Central Bank puts it, "due to a lack of understanding of the complexity of the manner in which its banking transactions were processed, these timelines proved inaccurate".

And the investigation is crystal clear that the roots of this ignorance lay in the outsourcing of the bank's IT systems.

It's important that we understand what's meant by outsourcing in this context.

When the IT systems fell over the finger of blame was pointed at the decision of Ulster's parent company, RBS, to outsource IT work to contractors in India.

The Central Bank of Ireland does not deal with that issue.

Instead it looks at "intra-group outsourcing".

In 2005, Ulster Bank's IT services, including management and risk assessment was outsourced to the RBS Group.

Management failure

Over time that meant that Ulster Bank management did not have oversight or even a proper understanding of the IT system on which its business depends.

The Central Bank concludes that Ulster Bank:

  • Did not properly understand the way in which RBS processed its transactions
  • Did not understand the potential impact of the related risks on its customers
  • Did not have the expertise to understand or fix the problem in a reasonable timeframe
  • Did not have adequate arrangements to ensure oversight of the IT services provided by RBS

That all adds up to a shocking management failure which is reflected in the fact that the 3.5m euros (£2.74m) fine is the maximum that could be imposed.

We'll have to wait for another report from the UK's Financial Conduct Authority to assess if the further outsourcing step to India also contributed to this sorry episode.

More on this story