Ulster Bank systems debacle may happen again
Cost-cutting and human error could easily trigger another technical meltdown in an Irish bank, IT experts are warning.
The alert comes as the Ulster Bank fiasco -- which has seen more than 600,000 customers struggle to withdraw their own cash -- enters its third week.
"In today's economic climate, IT departments have come under pressure to economise and deliver more," says Garret Wallis of Dublin IT consultants MJ Flood Technology. "You need to invest as much in disaster and contingency planning as you do in the day-to-day running of IT. And if IT budgets are put under pressure, then there's a risk that this investment won't happen."
Brian Honan, chief executive of BH Consulting, says that human error and software bugs mean there's "always a possibility" that the problems at Ulster Bank could erupt elsewhere.
The outsourcing of IT staff -- a growing trend among companies battling to survive the recession -- is also a concern. A company's knowledge of how its own computer system works can "get completely lost" if it outsources its IT, says Miguel Ponce De Leon, chief technologist with the Telecommunications Software & Systems Group at Waterford Institute of Technology.
"The more you outsource IT activities, the harder it is to hold on to such knowledge," says De Leon. "Because of this, it's possible that a technical failure like Ulster Bank's could happen again."
Ulster Bank's parent, Royal Bank of Scotland, has insisted that the bank's technical problems originated in Edinburgh and had nothing to do with recent outsourcing of some of the bank's IT staff to India.
IT experts are also concerned that computer hackers could infiltrate the banks.
"If a hacker is determined enough -- and they have enough time, resources and money, they will get into a company's computer network," says Honan. "Banks have a lot of security when it comes to who can access their systems. But there's no such thing as 100 per cent security."
Five years ago, Estonian government, media and business websites were forced to temporarily shut down after being targeted by hackers.
The Central Bank does not require Irish banks to inform it of any hacking attacks -- unlike in Norway, where such information is passed to the financial regulator and shared with other banks. "However, we expect that all institutions would inform the Central Bank of any issues arising which would have a material effect on its business and its customers," said a spokeswoman for the Central Bank.