Irish banks need a Plan B when IT systems go dark

Tens of thousands of Ulster Bank customers got a nasty shock last week when their money vanished from their accounts. This was the latest in a string of IT glitches that have hit all the major Irish and UK banks in recent years.

Last Monday startled Ulster Bank customers found that money that had previously been lodged to their accounts had “disappeared”. Salaries went walkabout, direct debits remained unpaid and credit cards were declined.

By Wednesday Ulster Bank was assuring worried customers that the issue had been “resolved”. According to sources at the institution, the problem was caused by “human error”, with a payment file not being processed when it should have been.

If the problem at Ulster Bank had been an isolated incident one could perhaps write it off to experience. But it wasn’t.

At the same time as Ulster Bank customers were having problems with their accounts, those of TSB Bank in the UK were experiencing far more serious difficulties, when a scheduled IT upgrade went terribly wrong last weekend.

At one stage both TSB’s internet bank and its mobile app were virtually completely out of action and even as late as last Wednesday its internet bank was operating at only 50pc of capacity.

Last month, some Bank of Ireland customers found that their money was apparently temporarily missing from their accounts.

According to Bank of Ireland, the problem was caused by a “technical processing issue” rather than a cyber-attack.

AIB customers were hit when the bank suffered IT problems in August 2016, with customers unable to withdraw money from their accounts in branches. The online banking service was also affected.

Across the water a computer server problem resulted in tens of thousands of Barclays customers being unable to withdraw cash or use their debit cards in February 2017, while customers of Lloyds were similarly discommoded in February 2014.

However, when it comes to bank computer crashes the biggest one was undoubtedly the June 2012 fiasco at RBS and its Irish subsidiary Ulster Bank.

A botched software upgrade on June 19 left millions of customers on both sides of the Irish Sea effectively bankless. It wasn’t until July 16, almost four weeks later, that things finally got back to normal.

The UK regulators threw the book at the bank, fining RBS £56m (€64m). The bank’s chairman, Philip Hampton, conceding that the crash “revealed unacceptable weaknesses in our systems”.

Not surprisingly, Ulster Bank spokespeople were anxious to stress that last week’s problems bore no resemblance and were “completely separate” to those of 2012.

With all of the banks determined to get us do most of our banking electronically rather than in a branch, it is absolutely vital that customers have implicit confidence in their IT systems. Repeated failures threaten to undermine that confidence.

They also beg the question, while one or two system failures could be blamed on human error, are the repeated failures across the entire sector the symptoms of a deeper problem?

Not to put too fine a point on it, did the banks scrimp on their IT investment in the aftermath of the crash and are we now witnessing the consequences of that under-investment?

“My sense is that issues such as that experienced are not one-off events,” says Thomas Conlon, associate professor of banking at UCD business school. “In many cases, banking systems have their origins in multiple mergers over many years, resulting in legacy systems that are difficult to integrate. Moving to a modern centralised system is appealing, but not without costs and potential integration issues.”

“Another huge concern for banks in terms of system automation is any potential for data privacy issues, brought firmly into view from all corners by the incoming GDPR [the EU’s stringent new data protection regulations that come into force on May 25] framework”.

For their part the banks are adamant that cutbacks in their IT investment have not caused the recent problems. An Ulster Bank spokesman points out that RBS’ total IT investment runs at over £1bn a year.

“We benefit from the huge amounts RBS invests in IT. It is not correct to say that we are under-invested,” he says. The other banks also point to the large sums that they have invested in new and improved systems.

“AIB has a made a serious investment in its IT infrastructure. Over the last three years we increased our IT investment by 50pc. This investment is focused on the customer and on the criticality and reliability of our service,” says Seamus Murphy, AIB’s chief digital officer.

AIB’s total IT investment in recent years runs to around €870m and includes a €150m replacement of its payments platform, a new treasury platform and modernising its mainframe computer.

Bank of Ireland has also been investing heavily, and will spend €900m on a project to upgrade its IT systems and replace its core banking platform.

All well and good but will it be enough? No matter how much one spends on IT, as the events of the past week have demonstrated yet again, the weakest link is the people operating them.

Even the best system is no guarantee against human error.

The challenge for banks is to design their systems so that the potential for human error is reduced to an absolute minimum by automating their processes to the greatest possible extent and that, when something does go wrong, to have well-developed protocols in place to deal with the situation.

In the electronic banking era the key to minimising the impact of occasional IT glitches is to ensure that, if one channel goes down, another channel remains open to serve the customer.

However, no bank is an island. Every bank repeatedly interacts with every other bank, processing tens of thousands of transactions with its rivals every day.

While individual banks can upgrade their IT systems to the nth degree, they remain at the mercy of other banks with less robust systems.

When it comes to IT the entire banking system is no stronger than its weakest link.