The PRA and FCA have imposed a joint fine on Raphaels Bank following an investigation in to the cause and consequence of an IT incident in December 2015. The incident occurred by a failure of services provided by a sub-contractor, and resulted in a significant number of customers being without access to card payment services for over 8 hours.
The Regulators found that the bank had systemic failures in overall management and oversight of outsourcing risk, from Board down, including:
- a failure to understand the BCP and DRP of the subcontractor;
- no adequate systems for identifying and monitoring these business recovery processes; and
- an insufficiently detailed outsourcing policy.
The fine was discounted from £2.7m due to Raphaels Bank’s cooperation.