On November 20, 2014, following a joint investigation, the FCA and Prudential Regulation Authority (“PRA”) each issued a notice fining Royal Bank of Scotland plc, National Westminster Bank plc and Ulster Bank Ltd (which are all part of the same group) a total of £56 million for having inadequate IT systems and controls in place to manage IT risks, which led to serious IT incidents involving about 6.5 million customers, mostly retail, for several weeks. The IT incidents led to customers not being able to access or use their accounts online, obtain accurate balances from ATMs, or withdraw money in foreign countries. Incorrect credit and debit interest was applied to accounts and inaccurate bank statements were produced. The underlying cause of the incident was a software incompatibility problem.
The final notices are available at: