Out-Law News 1 min. read

Banks' 'antiquated' IT systems contain 'deficiencies', warns regulator

Old IT systems relied on by UK banks may be susceptible to further outages similar to those suffered by a major financial institution in the past couple of years, a regulator has warned.

Sam Woods, director of domestic UK banks at the Bank of England Prudential Regulation Authority (PRA), said that the regulator had asked a number of banks for information about their IT systems after RBS Group reported a failure of its systems to update some customers' account balances for a time in 2012. A further IT glitch in December last year led to some RBS Group customers experiencing problems paying for goods and accessing money from their accounts.

Woods, who was addressing the Northern Ireland Affairs Committee in the UK Parliament, said a number of "deficiencies" had been identified during the probe but that the "antiquated" nature of the systems used by the banks would mean it could take a long time for those issues to be addressed, according to reports by the BBC and Finextra.

"I feel we are a very long away from being able to sit here with confidence and say that the UK banks' IT systems are robust," Woods said.

A spokesperson for the PRA told Out-Law.com that Woods had said that major IT outages are "completely unacceptable" and that they present a "threat to financial stability". The PRA is eager to ensure that banks understand the vulnerabilities present in their IT systems and mitigate the risk that those risks result in outages. The regulator's primary concern is that the UK banking system continues to function, she said.

A joint PRA and Financial Conduct Authority (FCA) investigation, launched into the 2012 IT problems at RBS Group, is still ongoing, she added.

IT contracts law expert Iain Monaghan of Pinsent Masons, the law firm behind Out-Law.com, previously said that basic systems relied on by banks are "often many years old and were originally designed for a different world" from the one in which banks currently operate where there is a demand for services to work effectively all of the time.

"Market pressures have led to all major banks offering 24 hour banking on computers, tablets and mobile phones and to some offering apps that transfer money directly between accounts," Monaghan said. "The attraction of these offerings to the banks' customers is their simplicity and convenience, but the customers' simplicity and convenience comes at the cost of an additional layer of technological complexity."

The cost of replacing legacy systems with new technology can be prohibitively expensive, Monaghan said, and it is "impractical" to expect banks to replace systems as and when new technology become available and because of the "risk to business and data that the disruption of a wholesale change would entail", he added. However, he said banks that have good governance over their IT operations can address the risks associated with relying on legacy systems.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.