Ulster Bank meltdown 'raises IT questions for all businesses'
AN INTERNATIONALLY-recognised standard to certify IT platforms is needed to reduce the likelihood of another failure occurring in banking systems and to restore confidence, industry experts have said.
The Innovation Value Institute has called for the establishment of such a certification process in the wake of the catastrophic recent IT failure at Ulster Bank.
The system outage, which affected more than 600,000 customers for over a month, has put banking systems under the microscope, raising “serious questions” about the vulnerability of computers in all areas of business, the institute said.
Customers at the bank were unable to access funds, suffered delayed payments and could not view correct balances for several weeks after a software update applied to Ulster Bank parent company RBS’s systems was corrupted.
The bank has promised it will compensate customers for financial loss and the inconvenience caused by what it called a “glitch”, which began in mid-June. This week, the bank said it hoped to have the majority of its customers back to “business as usual”.
The Innovation Value Institute’s general manager Martin Delaney said the incident had “significantly impaired” confidence in banking IT systems.
Financial services organisations may have a greater risk due to what the institute described as significant structural changes in their sector.
These include the impact of mergers and consolidations, sometimes through government intervention; the focus on cutting costs; and increasing demand from consumers for access to services around the clock.
However, he warned that it was not just banks that were at risk. Any organisation that was dependent on IT should be keeping an eye on their systems’ capability.
“The secret here has to be prevention. How do you prevent it happening? You have to measure the capability of your IT engine overall. You have to know if it’s high or low, and if it’s low, you must expect things to go wrong,” he said.
“The secret to prevention is to be aware of what is your current capability. If you are aware and not happy with it, go fix it, and do it urgently.”
The institute has devised a framework to measure the capability an organisation’s IT system and infrastructure, and assess risk. It is already used by 75 blue-chip firms, including Intel, Xilinx, Microsoft and Cisco.
Mr Delaney said the group would encourage financial regulators to step in with regards to the checks, obligating banks to assess their systems.
“The only way you’ll find out if reliability is high or low is when something has gone wrong, and that is way too late,” said Mr Delaney.
“You want to check your smoke alarms every month, and not wait until the house has burnt down to find out that they don’t work – our version of that is carry out an IT capability maturity assessment on a regular basis, at least annually.”