It now faces an investigation into the outages by U.K. financial regulators -- a process that could result in fiscal penalties.
The Financial Conduct Authority (FCA), a new regulatory agency changed with policing the U.K.'s financial services market, released a statement Wednesday saying that it has commenced an "enforcement investigation into the IT failures at RBS which affected the bank's customers in June and July 2012."
Interestingly, the statement refers only to the longer of the two IT lapses, which left millions of RBS, Natwest and Ulster Bank customers unable to access their bank accounts. As a result, payments were not recorded properly and many customers complained they were living hand-to-mouth while the bank sorted out the problem. In a second shorter-lived issue in March, ATMs and online banking systems failed for a couple of days.
The bank has admitted the problem resulted from a poorly handled software upgrade by junior IT staff in its Edinburgh, Scotland headquarters.
[ Could London become the next hotbed of tech innovation? Read London's New VC Fund For Tech Startups. ]
In its third-quarter figures, RBS revealed that the error had cost it £175 million ($270 million), comprising waiver of interest, reversed bank charges and compensation payments for customers. The worst losses came at its Northern Irish Ulster Bank (£82 million/$126 million) and the smallest (£3 million/$4.6 million) at its international banking arm.
The bank's chief executive, Stephen Hester, told The Guardian that the problems may have stemmed from a lack of attention and investment in its core banking IT assets at the expense of development of new systems. "With hindsight, maybe a bit more of that increase in spend should have been in the core taken-for-granted systems that work every day. Some of our focus was on the new things people want," he said.
According to some reports, the company has put aside up to £80 million ($123 million) to overhaul its back-end systems to prevent recurrence of the issue. Others suggest that when RBS bought NatWest in 2000 it may have failed to invest in sufficiently modernizing the larger core banking platform.
It's not clear how long RBS will have to wait for the FCA to decide what, if any, action it will take. "The FCA will reach its conclusions in due course and will decide whether or not enforcement action should follow that investigation," is all its brief announcement says on the matter.
Easily overlooked vulnerabilities could put your data and business at risk. Also in the new, all-digital 10 Web Threats special issue of Dark Reading: How hackers compromised an iOS developers' website to exploit Java plug-in vulnerabilities and attack Apple, Facebook, Microsoft and Twitter. (Free with registration.)