Four million customers of National Australia Bank in Australia were left without access to their money for over a week after a corrupt file took down the payments system. The incident arose on Wednesday night resulting in payments, ATM and POS transactions grinding to a halt. In some cases multiple transaction entries occurred and in others they did not happen at all. This meant that the likes of mortgage payments and utility bills weren't paid and in many cases employees did not receive their salaries. Cameron Clyne, CEO of NAB said "Unfortunately in any large organisation these things happen from time to time". But is he right?
Whilst he might be right that unexplained incidents do occur with IT systems, what is not expected is for it to take over six days to be able to fix the problem. As NAB starts to investigate the cause of the problem questions need to be asked as how the payments system was designed with a single point of failure, whether there was any backout/recovery in the system and when and whether robust disaster recovery testing had last been carried out.
Many banks for too long have underinvested in their legacy systems, bolted on changes without any reference to the integrity of the overall design and crossed their fingers and hoped that the systems don't fail. Ironically NAB has recently kicked of a AUS$1bn technology refresh.
The impact for customers of not being able to access their money apart from the monetary implications is one of high levels of emotional stress and a loss of faith in the banking system. Queues were seen to be formed outside banks as customers tried to get their money. Fortunately there wasn't a run on the bank and the other banks stepped up to assist by waving charges for non-payment and other such actions. But the damage to the banking system was done and it will take some time to repair.
The total impact for NAB, both financial and non-financial will only be known over time.
The processing of payments is the one basic task that banks are expected to perform, flawlessly time after time. Indeed that is the principle reason for banks existing for many consumers and corporations.
As banks around the globe heave a sigh of relief that this hasn't happened to them, this should prompt many bank CEOs and CIOs to perform an audit on the vulnerability and the recoverability of their payment systems and their ability to respond to such a major incident. Scenario planning and simulation should all play a part in this.
No bank can afford to rest on its laurels; there are lessons to be learnt for all from this incident in Australia.