In 1961 Royal Bank of Canada (RBC) was the first bank to use computers in its day-to-day business, and in 1995 RBC was one of the three banks that joined in a venture with BankAmerica Corporation and the NationsBank Corporation to install software for their on-line banking. However, in 2004, after an upgrade of the banking software, the entire business went out of control. The system failure had two causes: incorrect data entered by one of the workers during the update, and poor testing of the new code before installation. In addition to the error in the main system, the backup system was affected too; therefore all the information was lost and became unavailable both to the bank and to its customers. Around 72 000 government workers in Ontario and New Brunswick had trouble with their deposits because their governments used RBC for routing payroll.
As a result of this mistake, around 2.5 million customers (10 million accounts) were unable to transfer money, check their balances or receive paychecks for nearly a week. In addition, many businesses were seriously affected by their inability to access information connected to their accounts. Later, a lawsuit involving 1 billion dollars in compensation was brought against Royal Bank of Canada.
Despite RBC’s attempts to solve the problem efficiently and quickly, fixing the system’s breakdown took the bank too long. After a week of malfunction, the number of unprocessed transactions had become enormous. Another factor that slowed the recovery was the decision of the bank’s management to screen the processing of transactions manually. This was done to ensure that the software worked properly and that there was no superfluous information in the system.
Shortly after the incident, Royal Bank of Canada informed its customers that the situation would be clarified and all accounts normalized within 3 working days; however, it failed to do so, and it took the bank more than a week instead. This inaccuracy caused a lot of criticism and dissatisfaction. In addition, when the expected deadline was not met, there appeared to be no person at RBC responsible for communicating the problem to the media and giving further information.
In addition to all these troubles, the bank’s customers were faced with hackers cracking their accounts. E-mails saying that RBC needed to review its members’ accounts were sent to people in order to get their card numbers and passwords. Royal Bank of Canada had little control over this new issue and, as a result, its customers suffered not only from being unable to access their accounts but also from having their money stolen. The question is why information as important as customers’ accounts was so poorly protected from the outside environment, and how anyone could get such easy access to it.
The first question that comes to mind when talking about the incident at RBC is why the bank decided to upgrade its entire system at the end of the month. At the end of the month, when every bank is usually overloaded with an enormous number of new transactions and deposits, RBC decided to apply the upgrade to all its systems at once. The upgrade, which was not tested before implementation, failed at the time when the bank’s customers needed its service the most. It took RBC more than a week to repair the system. As a result of the inappropriate time chosen for the upgrade, at the end of the week the bank was overloaded with both old and new transactions. If the installation had taken place in the middle of the month, there would have been no large flow of information during the malfunction, and the repair process would have been significantly simpler.
One of the most important factors that contributed to the control problems at Royal Bank of Canada in 2004 was the failure of the backup systems to continue the bank’s flow of operations. RBC reported that the system upgrade was applied to all the programs storing the bank’s information, including the backup facility. For that reason, not only the main system suffered from the incorrect data entry, but also the backup system, which was supposed to be the rescue in this situation.
A backup system is designed to help an organization protect its information system and database against possible media failures. One of the most important rules when developing a backup system is that the disk holding the information stored for recovery purposes and the disk holding the data files must always be kept separate. This must be done to keep the backup system from failing after the main system is damaged.
In the case of Royal Bank of Canada, this mistake caused the loss of an enormous amount of information without a chance of recovery. The changes in the program were automatically applied to the backup system and caused the same error that occurred in the primary facility. Since RBC’s technology staff failed to separate the two disks while upgrading the system, the backup facility became unable to serve its primary purpose.
Another significant problem at RBC was the failure of management to make sure that the updates were tested before implementation. Different IT workers should have run through them carefully to ensure that everything worked properly and did not cause any serious malfunctions. RBC’s management failed to give exact guidelines on how the upgrade process should be carried out. As a result of management’s wrong approach to the upgrade process and the glitch in the system, the organization could not continue working properly. Control activities were not communicated within the organization, and when access to all databases was blocked, it could not continue functioning.
In addition, the problem that occurred was underestimated by the management team. The system’s breakdown was fixed the day after it was discovered; however, the business could not continue functioning. Despite the obvious difficulties in recovering the program, RBC announced to its customers that the system would be normalized by June 3rd, 4 days after the breakage. The prediction of RBC’s management turned out to be inaccurate and caused much criticism and dissatisfaction among its customers when they continued to face difficulties in accessing their accounts after the announced recovery date. However, this was not the only reason for RBC customers’ dissatisfaction. Despite the fact that his bank was facing a serious problem and had not fully recovered from the damage, RBC’s CEO, Gordon Nixon, left Canada on June 2nd. The bank was left without its leader, and its customers without an authority to communicate with about the condition of their inaccessible accounts.
The organization found itself in a situation where lower-level managers became responsible for giving customers unpleasant information. Communicating with the media became the responsibility of other executives in the bank, and this had a crucial impact on RBC’s reputation. Customers did not receive any news from the bank until June 3rd. After June 3rd, the media received information from different people every time. There appeared to be no single person responsible for delivering news to the bank’s customers and warning them about potential difficulties connected to the system’s failure. The bank did not seem very reliable in this situation.
There were several significant mistakes made by the bank before and during the incident. RBC appeared to be unprepared for a situation like a system breakdown. There was no disaster recovery plan, which every large and complex organization with a large flow of information must have. Poor handling of the technical side of the installation was the reason for the bank’s inability to continue functioning properly during that week.
The most crucial mistake in the control system was upgrading both the main and backup systems at once. Instead of upgrading the main system first, making sure the program did not cause any malfunction, and then applying it to the backup system, the new software was installed on all the bank’s facilities simultaneously. Consequently, both systems were affected by the same error. Once the wrong coding took place, all the information was lost and could not be recovered, since the backup facility was damaged in the same way as the main system. The bank’s official Web site stated that, as a matter of policy, the main and backup systems were upgraded simultaneously. Even if separating the two facilities was impossible, as RBC claimed, there was still another way to prevent this malfunction, which was not used either. The upgrade program should have been carefully checked several times before the installation took place. This could have been done by installing the software first on a smaller database, less significant than the entire system storing the bank’s information. If the software had been tested and the failure found during these first steps, it would have been much easier, faster and cheaper to repair or replace the program. The bank called this programming upgrade “key banking software”; however, considering the importance of this installation, the necessary steps were not taken to prepare the bank’s staff for the complex process of updating the program. There was no one responsible for supervising the staff involved in the upgrade. RBC’s management team and technology staff were responsible for going through all the necessary steps for upgrading the system. Both the management and IT teams failed to make sure the upgrade program was checked a few times before it was implemented.
Another of the bank’s mistakes was not protecting its customers from the large number of thefts by hackers. The bank’s information, such as its customers’ account numbers and passwords, became completely available to those who wanted to use the situation and knew how. A few days after RBC discovered the malfunction in its program, scam artists used it as an opportunity to get the bank’s customers’ account numbers and passwords. Pretending to be from RBC, they sent letters to people asking them to provide their account information for review. Unaware of the deception, the bank’s customers provided the hackers with all the details requested in the fake e-mails from the bank.
The bank could have brought this situation under control, but it did not. People could have been warned long before the e-mails started reaching their destinations. The involvement of scam artists in a situation like this was predictable enough to make sure that all customers were informed about it in advance. RBC could have taken control of this issue by publicly asking its customers not to open any e-mails from the bank and not to give any account information to anyone for a certain period of time. These steps would have kept the bank’s customers from losing their money and would have increased the bank’s reliability (already unstable by that time) in its customers’ eyes. However, this was done neither in advance nor after the first incidents were reported to the bank.
Apart from the fact that RBC did not save its backup facility and did not warn its customers not to provide anyone with their account information, RBC responded to the computer problem as fast and effectively as it could. RBC suffered the loss of its entire database. All the information connected to the bank’s day-to-day operations and customers’ accounts had disappeared and had to be reproduced immediately. Despite the difficulty of the task, RBC finished all the repair work within 8 working days. The bank informed its customers that the system was repaired and under control on June 8th, 2004.
The bank was not prepared for this kind of glitch, and this affected the overall reaction of its team to the crisis. The upgrade process was not thought through carefully, and the organization easily went out of control after the failure. Since all the systems were damaged, the bank did not have the opportunity to use a backup facility, and this was the reason the bank’s customers were unable to access their accounts for such a long time. It took the bank eight days to recover from its system’s breakdown.
Leaving aside the serious oversight in handling media communications, RBC managed the glitch in a responsible and careful way. The only serious customer dissatisfaction was caused by the inaccurate prediction of the system’s recovery date. The absence of the CEO, Gordon Nixon, also had an effect on the situation in the bank. The bank’s inability to replace its CEO with a single person responsible for media communication did not help the situation either. The underestimation of the glitch in the bank’s system was the reason why managers did not take all the necessary steps to handle this problem correctly and quickly.
After the incident, however, RBC took all the necessary steps to make up for it. First of all, it issued a formal apology to its customers. The bank gave a detailed explanation on its official Web site of why the problem had occurred and how it was handled. Second, it announced IBM Corporation as its consultant on future technical issues. Finally, RBC offered refunds to customers who had seriously suffered from the incident. It announced to its customers that claims could be made by phone and internet until September 30th, 2004. The bank hired Crawford Adjusters Canada to handle claims larger than $100.
These actions helped the bank to enhance its reputation in people’s eyes. Despite the concern about the safety of their accounts, the bank’s customers decided not to switch to another bank. They said that, if this did not happen again, there was no need to rush to judge the bank on this incident.
If I were a manager at RBC, I would first choose another day for upgrading the system. The best time would be the middle of the month, when all the main transactions have already been made. I would change the date to make sure that, if anything happened, the failure could be repaired without serious losses for either the bank or its customers. I would also change the control process within the organization. There would be exact guidelines on how matters like a system upgrade must be handled. The workers would not be left on their own to install and maintain the entire system in the bank. Higher-level management and IT specialists would supervise the workers and each other during the upgrade of the program, and would check several times all the information they entered into the program. Before starting a process as important as upgrading the entire banking software, workers would attend special lectures aimed at explaining it and preparing them for it. During these lectures IT professionals would explain in detail the necessity of the upgrade, the steps that need to be taken during the process, the responsibility of each worker in the process, the importance of management’s involvement in every step taken during the upgrade, etc. In addition, the upgrade program itself would be checked a few times before being applied to the system. It would be run on different smaller and less significant databases to ensure it works properly. It would then be tested on the main system several times first, and then, separately, applied to the backup facility. This process would take much longer, but the problem would be noticed during the testing period, and the software would be repaired or replaced before being applied to the main and backup facilities. The separation of the two systems would still be the most important step for preventing an incident.
If RBC had done this before the installation, the bank would not have lost all the information and would not have experienced all the difficulties it experienced after the breakdown. The backup facility, as a part of the disaster recovery plan, must be kept away from all the activities applied to the main system.
Additionally, RBC would already have a recovery plan prepared in advance for cases like this. A large and complex organization like a bank must always have a disaster recovery plan. The amount of information circulating within the bank through its programs is so great that, if it is lost and cannot be recovered, thousands of people will be affected by the glitch. Therefore, big companies that use computers to provide their services and have access to large amounts of information must ensure they have all the necessary tools for protecting and controlling this data. It is necessary to have a recovery plan not only for software failures, but also for natural disasters, like earthquakes, conflagrations, etc. A disaster recovery plan is used to protect the information from external forces. It enables the full recovery of the data after an incident. There would be a company responsible for the disaster recovery program, specially hired by the bank. The recovery plan would be communicated to the company long before any incident. Then it would be implemented and tested after the emergence of the failure.
I would also handle communication with the media and customers differently. If a failure like this happened in the bank, I would suggest not giving any exact information on when the system would be repaired. Customers would be informed about the problem immediately; however, they would only be told that the bank is working on repairing the system and will try to do it as fast as possible. RBC’s customers would be kept constantly informed about the current state of the repair process. Additionally, if the CEO was not there, I would suggest choosing only one person responsible for communicating the problem to the media. It looks more reliable if only one person from the bank’s management is responsible for providing people with all the necessary information. Lower-level workers would not have to explain everything to the bank’s dissatisfied customers and would not be responsible for passing bad news on to them.
Finally, the issue with hackers would be solved in a different way. The bank’s customers would be informed about possible activities by scam artists on the first day of the system breakdown. Official letters or e-mails would be sent out to all customers together with the message about the system’s failure. Then, if the problem still appeared, the person responsible for media communication would send an urgent message about the dangerous situation through television and radio.