Out-Law / Your Daily Need-To-Know

Bank of England to plan 'technical strategy' for RTGS payment system following outage

Out-Law News | 01 Apr 2015 | 4:13 pm | 2 min. read

The Bank of England (the Bank) is to draw up a "technical strategy" for the real-time gross settlement (RTGS) payment system in response to concerns that the system could suffer another fault.

The measure is one of several outlined by the Bank in response to recommendations made by Deloitte. Deloitte's recommendations (80-page / 3.58MB PDF) come after it conducted an independent review, commissioned by the Bank, of an approximate nine-hour outage of the RTGS system last October. The outage caused delays to the processing of 142,759 CHAPS payments valuing a total of £289.3 billion.

"Planning for the delivery of the future technical strategy of the RTGS system will begin this year, with a view to implementation over the coming years," the Bank said (7-page / 166KB PDF). "The strategy will be agreed and overseen by the Strategy Board, with regular updates to the Bank’s Court."

Deloitte had called on the Bank to set out technical strategy after finding that the "introduction of design and functional defects as part of the functionality changes" to the RTGS in April 2013 and February and May 2014 had been behind the system outage on Monday 20 October 2014.

Those defects were not identified at the time those system changes were implemented nor when maintenance works on the system was carried out over the weekend prior to the 20 October outage, Deloitte said. It said there were weaknesses in testing in, and governance of, the RTGS system and that, although it "has been highly resilient to infrastructure faults" since its inception in 1997, the complexity of the system has the potential to cause future issues.

"Although the complexity of the system has increased over time, the extent and nature of testing has not evolved to match this," the Deloitte report said. "This increased complexity, combined with weaknesses in the testing process, results in an increased risk of error when functional or non-routine configuration changes are applied. The complexity is also likely to make fault finding, either through testing or in live incidents, more difficult today and in the future."

The Bank, acting on the recommendation of Deloitte, has said it has "deferred any functional or non-routine changes to RTGS" whilst it carries out "business assurance activities". It said it has also taken a number of other steps to address the issues Deloitte has identified, including reforming RTGS governance arrangements, reviewing testing procedures and "implementing an enhanced crisis management framework".

Deloitte also found that there are barriers which make the shift to the RTGS back-up system less attractive in the event of an outage of the main RTGS system. The Bank is currently assessing the "reversion" from the main to back up systems and is expected to report to its strategy board on the issue in June.

Technology law expert Iain Monaghan of Pinsent Masons, the law firm behind Out-Law.com, said there are lessons from the RTGS outage for businesses engaging in digital transformation projects.

"Institutions with a legacy infrastructure need to adapt that infrastructure to face the demands of new, digital ways of doing business," Monaghan said. "Creating interfaces between the old and new creates risks that require management and, as this report illustrates, it is critical that there is an unbroken chain of communication and command that runs from technicians who need to test a software fix to directors who must decide whether to invoke emergency procedures if the fix goes wrong."