Is it any wonder that the Financial Conduct Authority and the Treasury select committee
want to see banks improve their IT resilience? More than seven million people in the UK were left unable to use their credit or debit card because of IT failings last year, according to a recent survey from consumer organisation, Which?
The research involved over 2,000 people and it also revealed that for one in 20 people, this had happened more than once. Further, one in 10 said they had suffered a financial penalty and the same proportion said their credit score was damaged because they had missed a bill or payment. So, have these problems been resolved?
Unfortunately, this year is proving that IT outages at banks continue to occur with alarming regularity and there does not have to be a serious data breach and theft for harm, both financial and reputational, to occur.
If a customer is shut out of their account it can mean payments are not made and the knock-on effect means a credit report is negatively affected and in turn, could impact on the ability to borrow as well as pushing up the costs for this. This June, the Financial Ombudsman Service updated its guidance on how to seek compensation if a customer is affected by a banking IT failure, with a clear message it will
step in if necessary.
With the rise of social media, IT issues, even if they only affect a relatively small number of customers, soon reach a wide audience and banks that fail to respond well in the event of a problem are left looking, at the very least, as incompetent. Most recently, a glitch with the NatWest and RBS app resulted in “a small number” of customers being locked out of their accounts and they were told to uninstall and then download the app again. But, Twitter was filled with comments expressing frustration at the banks and subsequent stories in the media talking of “chaos”.
These two brands are certainly not alone, Barclays, Lloyds, HSBC, Tesco Bank and of course TSB, which was impacted by an IT ‘meltdown’ in 2018, have all faced problems. In September, a challenger bank had to confirm its systems were not working, with some of its customers being locked out of their accounts, while in August, another bank had to tell its customers to change their PINs because it had left banking information potentially exposed to unauthorised staff for six months.
It said that details had been reported to the Information Commissioner’s Office as a precautionary measure. Clearly, eliminating all IT problems is an impossibility, but the way banks handle failures
can do much to mitigate damage. Are the digital newcomers handling outages better than
the established players? Some would argue they are and it was reported that some 250,000 people had switched banks with the biggest gainers being new entrants, Monzo, Starling and Triodos.
They certainly are not going to be immune to IT issues but the way these are handled, both in terms of securing a lasting fix and in the communication strategy are hugely important. What is more, the regulator could also seek to impose large fines, as could the ICO.
The regulatory spotlight is firmly turned on IT resilience matters and Megan Butler, the FCA’s executive director of supervision has said the regulator is “deeply concerned” at the number of outages. Even so, currently it appears that greater efforts do need to be made before customer goodwill can be regained.
Find out how you can demonstrate FCA compliance with our Enterprise Risk Management solution.