The Bank of England yesterday published the report that it commissioned from Deloitte into the loss of the RTGS system on 20th October last year. Making any sort of post-incident review public is pretty unusual in itself, but publishing such a warts-and-all account of the incident is truly remarkable. In doing so,and sharing lessons identified, the Bank has done a great service to us all.
Many of the observations made in the report will be familiar to anybody working in business continuity and crisis management:
- The RTGS system had historically been very robust;
- The root cause of the problem was what was believed to be a routine configuration change, but turned out not to be, exposing a latent flaw in the system;
- Initial estimates of the time to restore the system were over optimistic; and
- There was a documented contingency solution but there was confusion about what it could deliver and people lacked confidence in it.
More surprising though are the observations around the crisis management arrangements, such as:
“Because there was no pre-defined structure for crisis response or clear roles and responsibilities between the Governors’ level and the teams working on resolving the issue, there were limited resources and a lack of process to gather, analyse and distil information to support decision making.”
The report also highlights many areas where the Bank performed well; and, in its response, the Bank has made clear how it has already addressed many of the issues identified. First and foremost though, the Bank is to be congratulated for putting all this valuable information into the public domain.