The Central Bank of Ireland has slapped a EUR3.5 million fine on Ulster Bank over IT governance failures that resulted in approximately 600,000 customers being deprived of banking services during a month-long period in 2012.
Ulster bank has already shelled out €59 million to customers affected by the meltdown, in which a bungled software update at RBS saw a huge payments backlog develop, causing chaos for account holders.
In levying the €3.5 million penalty, the highest in its history, the Central Bank said that the firm failed to have robust governance arrangements in relation to its IT systems and controls, causing widespread and significant loss and inconvenience to customers, and threatening confidence in the retail banking sector.
The Central Bank’s director of enforcement, Derville Rowland, says: "Over a prolonged period of time customers were unable to access cash through ATMs/cash and pay for goods and services and there was a delay in the processing of payments in and out of accounts. As the provision of financial services to customers represents the core business function of thefirm, the major breakdown in the firm’s provision of these services as a result of IT failings is completely unacceptable."
As part of a remediation programme devised in collaboration with the Central Bank, Ulster Bank is taking steps to ensure that it has effective oversight of the IT systems on which its business operates and that controls and testing processes are in place.
With outsourcing oversight identified as a key issue in the meltdown, Ulster Bank has implemented new service level agreements, service performance monitoring, risk oversight and the appointment of a dedicated outsourcing services team. The firm’s incident management framework has also been strengthened and detailed business contingency plans are in place including an extensive list of temporary business processes which can be deployed in the event of a core systems failure.