Outsourcing Failures leave Raphaels Bank with £1.89m Fine
Friday, June 7, 2019
Outsourcing Failures Raphaels Bank 1.89m Fine

Related Practices & Jurisdictions
Print Mail Download i

Raphael & Sons plc (the “Bank“) has been hit by separate fines from the Financial Conduct Authority and the Prudential Regulation Authority (together, the “Regulators“) of £775,100 and £1,112,152 respectively.

An IT issue with one of the Bank’s third party card processor’s left over 3,300 customers unable to use their prepaid cards on Christmas Eve in 2015.

This event crystallised the risks that the Bank had failed to manage, but the Bank’s failings went deeper than that. The Regulators found that the Bank, “failed to have adequate processes to enable it to understand and assess the business continuity and disaster recovery arrangements of its outsourced service providers” but the management failings and oversights came from “Board level down“.

There was an absence of processes, flaws in the Bank’s due diligence (both initial and ongoing) and an overall lack of consideration of the risks of outsourcing. The Bank’s systems and controls were inadequate and exposed its customers to a serious risk of harm.

These failings continued from April 2014 through to the end of 2016. The Regulators’ investigation found that there was a previous incident in 2014, which should have led to the Bank resolving the issues then. The Regulators have stated that the repeat failings of the Bank were an aggravating factor in this case, which led to an increased penalty.

Nevertheless, the Bank’s co-operation with the Regulators resulted in a 30% reduction of the fines imposed, which would have otherwise totalled over £2.7m.

Comment

This regulatory investigation highlights the level of internal governance and controls required for any outsourcing arrangements, and the serious risks involved if these are insufficient.

Regulators are becoming more and more concerned with the “operational resilience” of firms, particularly after some recent high profile failures (the chaos caused by TSB’s IT upgrade issues last year, to name just one). Both Regulators have identified this topic as one of their priorities this year, which they state should be “viewed as no less important than financial resilience“.

© Copyright 2024 Squire Patton Boggs (US) LLP

Current Legal Analysis

More from Squire Patton Boggs (US) LLP

California Privacy Regulator Holds Townhall Sessions on Draft Rules
by: Alan L. Friel
Belgium – the Double or Triple Whammy of Employment Protection Indemnities
by: Marga Caproni
Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer
Subchapter V Debt Limit: Don’t Get Caught Assuming Congress Will Act (It Probably Will…But Still) (US)
by: Kelly E. Singer
FTC Bans Non-Competes Throughout the United States – Legal Challenges Already Filed (US)
by: Paul Erian
Workplace Harassment in Germany: Questions Over Compensation
by: Anna-Maria Hesse
When the EDPB is Weaponized, It Is Our Privacy That Is at Risk
by: Charles-Albert Helleputte
The Ohio Supreme Court Updates its Writing Manual
by: Appellate & Supreme Court Group Squire Patton Boggs
The General Code in Bite-Sized Chunks ­– Proportionality is the Special Ingredient
by: Matthew Giles
Relying on CAFA's Discretionary "Home-State" Exception, Federal Court Punts Data Breach Class Action Back to State Court
by: Amy Brown Doolittle , Katherine A. Spicer

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins