August 13, 2020

Volume X, Number 226

August 12, 2020

Subscribe to Latest Legal News and Analysis

August 11, 2020

Subscribe to Latest Legal News and Analysis

August 10, 2020

Subscribe to Latest Legal News and Analysis

Outsourcing Failures leave Raphaels Bank with £1.89m Fine

Raphael & Sons plc (the “Bank“) has been hit by separate fines from the Financial Conduct Authority and the Prudential Regulation Authority (together, the “Regulators“) of £775,100 and £1,112,152 respectively.

An IT issue with one of the Bank’s third party card processor’s left over 3,300 customers unable to use their prepaid cards on Christmas Eve in 2015.

This event crystallised the risks that the Bank had failed to manage, but the Bank’s failings went deeper than that. The Regulators found that the Bank, “failed to have adequate processes to enable it to understand and assess the business continuity and disaster recovery arrangements of its outsourced service providers” but the management failings and oversights came from “Board level down“.

There was an absence of processes, flaws in the Bank’s due diligence (both initial and ongoing) and an overall lack of consideration of the risks of outsourcing. The Bank’s systems and controls were inadequate and exposed its customers to a serious risk of harm.

These failings continued from April 2014 through to the end of 2016. The Regulators’ investigation found that there was a previous incident in 2014, which should have led to the Bank resolving the issues then. The Regulators have stated that the repeat failings of the Bank were an aggravating factor in this case, which led to an increased penalty.

Nevertheless, the Bank’s co-operation with the Regulators resulted in a 30% reduction of the fines imposed, which would have otherwise totalled over £2.7m.


This regulatory investigation highlights the level of internal governance and controls required for any outsourcing arrangements, and the serious risks involved if these are insufficient.

Regulators are becoming more and more concerned with the “operational resilience” of firms, particularly after some recent high profile failures (the chaos caused by TSB’s IT upgrade issues last year, to name just one). Both Regulators have identified this topic as one of their priorities this year, which they state should be “viewed as no less important than financial resilience“.

© Copyright 2020 Squire Patton Boggs (US) LLPNational Law Review, Volume IX, Number 158


About this Author

Garon Anthony Litigation Attorney Squire Patton Boggs Birmingham, UK

Garon is a partner in the Litigation Practice Group. He advises clients across the full range of commercial dispute issues, including cyber liability/data breach, professional negligence, banking, pensions and insurance.

Garon regularly acts for clients who are subject to investigations or disciplinary proceedings by national and international regulators, including most recently the Financial Conduct Authority, the Financial Reporting Council and the Dubai Financial Services Authority.

Related Services

  • Litigation
  • Data Privacy & Cybersecurity
  • ...
44 121 222 3507
Rose Chaudry, Squire Patton, Commercial Litigation Lawyer, Tortious Contracts Attorney

Rose Chaudry is an associate in the Litigation team with expertise in general commercial litigation. Rose qualified in September 2015 after completing her training contract with the firm.

Rose regularly acts for a diverse client base, including individuals and companies, from SMEs to PLCs. Rose has experience advising on a wide-range of matters of both a contractual and tortious nature, including breach of contract, breach of warranty, debt recovery, professional negligence and insurance.

44 121 222 3146