'Great deal of work still to be done' strengthening bank IT systems, MP warns


Bank customers are still being left "exposed" after a series of IT failures at Britain's biggest lenders, a senior Conservative MP has warned.

Andrew Tyrie, who chairs the influential House of Commons Treasury Committee, is calling on the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) to take action to strengthen the resilience and security of bank IT systems.

He cautioned that customers remained "more exposed than necessary" to the risks of IT failures and were ultimately left "paying the price".

Mr Tyrie wrote to the regulators in January after high-profile issues at Royal Bank of Scotland and HSBC.

But he said banks continued to suffer IT glitches and was urging the regulators to provide assurances they were "getting on with it".

He said: "Banks continue to suffer failures and breaches of their IT systems, exposing millions of customers to uncertainty, disruption and sometimes distress.

"We can't carry on like this. Responsibility for sound IT systems is often lacking at the highest levels of management, and ultimately customers pay the price."

HSBC customers endured two days of online banking glitches in January, following just a month after nearly 8,000 RBS customers were blocked from trying to retrieve cash from old bank accounts.

In a letter to Mr Tyrie earlier this year, HSBC revealed that around 63,000 customers were affected by the IT failure and said it cost the group £1.1 million in fees and charges waived as well as compensation to those impacted.

HSBC added that it had two IT issues in 2015, which cost it £166,400.

RBS boss Ross McEwan wrote to Mr Tyrie in response to requests for information on its lost accounts glitch and insisted the issue was a "process error", not an IT failure.

Mr McEwan added that 7,920 customers were impacted with an average account balance of £44.

Mr Tyrie said: "Customers remain more exposed than necessary to the risks of IT failures, including delays in paying bills and an inability to obtain access to their own money.

"The proliferation of remote and online banking, including the use of biometric data for customer identification, may also be increasing the risk of unauthorised access to their accounts. A great deal of work still needs to be done."

The FCA and PRA have carried out two exercises to look at IT resilience in the largest retail banks and said in March they were "undertaking further work" to tackle IT failures in the banking sector.