Millions of UK citizens could be hit by an IT disaster similar to that suffered by the Royal Bank of Scotland (RBS) in the summer of 2012, unless banks move off of legacy systems, according to RBS's customer services group chief analytics officer, Alan Grogan.
The IT glitch affected NatWest, Ulster Bank and RBS, and cost the RBS Group an estimated £125m. The incident left millions of customers unable to access their accounts, while RBS struggled to fix the issue.
In an interview with Computing, Grogan explained that RBS had "100 per cent learned from what happened" and had put in place "special" measures to ensure that it doesn't happen again.
"We've worked with regulators and external firms to ensure that the issue isn't going to happen again. The organisation has put in a huge amount of investment in looking at our future bank strategy and eradicating any legacy challenges that we have," he said.
"We couldn't rely on legacy as the world speeds up, as new data demands come in. For example, with things like biometrics, you ask whether it is worth bolting things on to existing legacy systems. You realise that you're going to have a bottleneck or reach a point of return where you don't go back to the legacy systems," he stated.
"Obviously, the new technology is out there, and of course it is better to change to a strategically placed, cheaper, scalable mainframe rather than staying with what you have," he added.
Grogan explained that as more demands are placed on businesses, including regulatory driven change, it becomes "very dangerous" to stay with legacy systems, or to make updates and amendments to these systems.
He said that the payments failure at RBS in 2012 was not the result of a lack of focus on risk management at the time.
"I dispute that, on a risk management basis we've got a high level of risk governance and management, and we are definitely not under-resourced - the issue took everyone by surprise," he explained.
When RBS first noticed the issue, Grogan claimed that "every technology person that could have been put on the project to resolve the issue" was working on it. He said his own analytics projects, and other core banking and business technology projects were put on hold as well.
From a risk perspective, he said that RBS was "taught a lesson" with regard to resilience, double and triple checking systems, and making sure that everything about its legacy is put on a strategic roadmap.
"It is [put on a strategic roadmap], so that we have a plan to move off or at least strategically place it on a better footing," he explained.
"So we are investing countless millions on our legacy, technology and data. It doesn't keep me awake at night or worry me, but it is something we need to learn from and we apologise to those affected.
"I hope no other bank has to go through it, but it is uncertain with our competitors or in general, until everyone moves off legacy," he stated.