The Royal Bank of Scotland Group plc (RBS) announced on Friday that it has reached agreement with the Financial Conduct Authority (FCA) and Prudential Regulation Authority (“PRA”) in the United Kingdom for failings in relation to the 2012 I.T. incident.
RBS has agreed a penalty of £42m with the FCA and £14m with the PRA. Both these payments are covered by provisions already made by RBS.
Philip Hampton, Chairman of RBS, said: “Our IT failure in the summer of 2012 revealed unacceptable weaknesses in our systems and caused significant stress for many of our customers. As I did back then, I again want to apologise to all customers in the UK and Ireland that we let down two and a half years ago.
“I am confident that the progress we have made – in increasing the resilience of our I.T. systems through the additional investment of hundreds of millions of pounds and the enhancement of our control structures – has made RBS better able to provide the service our customers expect and deserve. I am also pleased that the regulator acknowledged the steps we took at the time to provide redress to anyone who had lost out as a result of our mistakes.”
Simon McNamara, RBS Chief Administrative Officer, said: “When I first arrived at RBS in 2013, my number one priority was to ensure that any investment in I.T. was targeted in the right areas. As a result, by the end of 2015 we will have invested an additional £750m in enhancing the security and resilience of our IT systems.
A lot has changed and much has been achieved already. Our systems are currently available to customers over 99.9% of the time. By any measure, this is some achievement. But, given the impact that any incident has on our customers, I want to do better.”
The FCA and PRA note that RBS has paid £70.3m in redress to UK customers and £460,000 to individuals and firms who were not customers.
RBS has also today fulfilled its commitment to publish its own key findings in relation to the incident. In 2013, RBS announced an increased investment of £750m for a three year period, over and above its annual I.T. spend, to enhance the security and resilience of its I.T. systems.