The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have fined Raphaels Bank £1.89m for failing to manage its outsourcing arrangements properly between April 2014 and December 2016.

The bank has been issued separate fines of £775,100 from the FCA and £1,112,152 from the PRA in respect of these breaches, totalling £1,887,252.

Commenting, FCA executive director of enforcement and market oversight Mark Steward said: “Raphaels’ systems and controls supporting the oversight and governance of its outsourcing arrangements were inadequate and exposed customers to unnecessary and avoidable harm and inconvenience. There is no lower standard for outsourced systems and controls and firms are accountable for failures by outsourcing providers.”

PRA CEO and deputy governor for Prudential Regulation Sam Woods added: “Firms’ ability to manage outsourcing of any critical activities is a vital part of maintaining their safety and soundness. Such outsourcing is an important part of a firm’s operational resilience, and particularly so in the case of Raphaels given the level of reliance on outsourcing in its business model.

'In addition, this was a repeat failing which demonstrates a lack of adequate and timely remediation. This is a significant aggravating factor in this case, leading to an uplift in the penalty.”

The FCA said the bank failed to have adequate processes to enable it to understand and assess the business continuity and disaster recovery arrangements of its outsourced service providers, with a particular focus on how they would support the continued operation of its card programmes during a disruptive event.

The absence of such processes posed a risk to Raphaels’ operational resilience and left its customers exposed to a “serious risk of harm”. Furthermore, these risks crystallised on 24 December 2015, when a technological incident occurred at a card processor, causing the complete failure of the authorisation and processing services it provided to Raphaels and lasted over eight hours.

In its statement, the regulator said: “During this period, 3,367 customers were unable to use their prepaid cards and charge cards. In total, the card processor could not authorise 5,356 customer card transactions attempted at point of sale terminals, ATM machines and online. Seasonal workers, who depended on their cards to receive their wages, used the largest prepaid card programme affected by the incident. The timing of the incident, on Christmas Eve, is likely to have exacerbated the impact of the outage.”

Raphaels agreed to resolve this matter and therefore qualified for a 30 per cent reduction in the fines imposed by both regulators. Without this discount, the combined fine imposed by the FCA and PRA would have been £2,709,574.

Share Story: