Underinvestment in information technology (IT) by UK banks has left them vulnerable to cyber-attacks and operational breakdown, a report by the Institute of Chartered Accountants in England and Wales (ICAEW) has found.
The report, entitled Audit Insights: Banking, also found that no UK bank of any scale that has been in business for many years has an integrated or fully modernised IT system.
"Bank core IT systems are an ageing patchwork of different systems, held together by complex interfaces. They generally work but are increasingly fragile, inflexible and in need of replacement," ICAEW head of financial services Iain Coke said.
Despite the need to modernise these systems, Coke warned that replacing them is not an easy task and could create system failures, such as disruptions on the payments system.
"No-one knows how much a full system upgrade will cost as major IT projects are notoriously hard to budget for. However, it is likely to cost the largest banks several billion pounds," he added.
As well as a need for IT investment, the report also indentified a need for cultural and behavioural change, for banks to review their business models to respond to the post crisis regulatory landscape and the challenge of compatibility and consistency of performance reporting.
Finally the report highlighted the inconsistency of banks’ internal models, and Deloitte bank audit partner Kari Hale warned:
"Recent work by regulators has highlighted inconsistencies between banks internal models. Given their importance, the reliability of these internal models is a major issue that needs to be addressed."