JOINT COMMITTEE ON FINANCE, PUBLIC EXPENDITURE AND REFORM díospóireacht -
Wednesday, 4 Jul 2012

Today we will consider the safeguards in place to mitigate technical difficulties in the financial services sector. I welcome the delegation from the Central Bank, Mr. Bernard Sheridan, director of consumer protection, Mr. Paul Molumby, head of payments and securities settlement division, and Mr. Shane O'Neill, head of banking supervision. Mr. Sheridan will make his opening statement which will be followed by a question and answer session.

I remind members, witnesses and those in the Visitors Gallery that all mobile telephones must be switched off as otherwise they will interfere with the sound production in the room. By virtue of section 17(2)(l) of the Defamation Act 2009, witnesses are protected by absolute privilege in respect of the evidence they are to give this committee. If a witness is directed by the committee to cease giving evidence in relation to a particular matter and the witness continues to so do, the witness is entitled thereafter only to a qualified privilege in respect of his or her evidence. Witnesses are directed that only evidence connected with the subject matter of these proceedings is to be given and witnesses are asked to respect the parliamentary practice to the effect that, where possible, they should not criticise nor make charges against any person or persons or entity by name or in such a way as to make him, her or it identifiable.

Members are reminded of the long-standing parliamentary practice that they should not comment on, criticise or make charges against a person outside the House or an official by name in such a way as to make him or her identifiable.

I invite Mr. Sheridan to begin the presentation.

I thank the committee for its invitation to attend the committee meeting today.

I wish to be very clear. The Central Bank views extremely seriously the matters that have arisen at Ulster Bank. This type of disruption for customers is unprecedented in Irish banking. While everyone can understand that IT failures can occur from time to time, the contingency planning of RBS and Ulster Bank has self-evidently been appalling and the approach to customer communication has, at times, been exasperating.

We are very concerned about the impact this disruption is having on customers and with the delay in restoring normal banking services. We have already publicly described this situation as unacceptable and it remains so today. We have articulated these concerns directly, and repeatedly to the most senior executives in Ulster Bank and its parent, RBS. The failure of the RBS contingency plans to restore normal service to customers of Ulster Bank in a reasonable timeframe is clearly inexcusable. Our immediate priority is that Ulster Bank and RBS fix this while ensuring that they provide all necessary assistance to each and every customer impacted upon. Ulster Bank and RBS have many serious questions to answer as to how they allowed such a situation to emerge and develop. We have instituted our own investigation of these events and we are also working with the UK authorities as they investigate the root causes. It is only at that point will we be able to verify the cause of the disruption and the response of RBS and Ulster Bank to it. While it is not proposed to get into too much detail in this short opening statement, during the course of the hearing this afternoon we would like to have an opportunity to discuss the respective supervisory and oversight arrangements that are in place for RBS, Ulster Bank and the payments system.

As regards this specific incident, the Central Bank was first informed by Ulster Bank of its problems on Wednesday, 20 June. The initial review by RBS indicates that this incident emanated from a technical failure on 19 June in the overnight central batch processing which is managed and operated by RBS in Edinburgh. This resulted in a failure with the scheduled batch processing on this date for RBS, NatWest and Ulster Bank. The initial attempts by RBS to restore normal service to Ulster Bank customers were unsuccessful, and this led to further delays and an increase in the backlog. Since then RBS has experienced considerable difficulty in working through this backlog.

The Central Bank has, since 20 June, been heavily engaged not only with Ulster Bank, but also with RBS, in trying to ensure that the problem is resolved by RBS. We have also been working with the UK authorities responsible for regulating RBS to ensure that they are doing everything possible to resolve the difficulties. While it is not possible at this stage to discuss the specific technical reasons for the failure, as this will only emerge in time following detailed investigation, we would be happy in the course of the hearing to give the committee an overview of what we have been informed of to date. Our immediate concern from the outset and throughout the incident has been to ensure that Ulster Bank provide as much assistance as possible to its impacted customers, that arrangements be put in place to ensure that those customers can carry on their business with the least possible disruption, and that communications to those customers are sufficient to keep them fully informed as to the facilities that are available.

Ulster Bank had a very poor first touch on this. Its communications to customers and the arrangements initially put in place were not, in our view, at all adequate. We continue to press it to ensure that sufficient and consistent arrangements are in place across the branch network to provide customers with timely and accurate information, access to funds and support and advice particularly for those customers facing financial difficulties and hardship as a result of their systems failure.

As soon as normal banking service is restored, we will be requiring Ulster Bank to put in place a comprehensive restitution plan for impacted customers. We are insisting that its customers, and those of other institutions affected, are compensated for costs and charges they may have incurred. This will need to take into account the delay that has been experienced, and continues, in restoring normal service. It has to be recognised by Ulster Bank in designing this restitution plan that its customers have been seriously inconvenienced by these events. This extends to the small and medium business customers as well as to personal customers. We will expect this plan to be implemented effectively and efficiently and we will be monitoring it throughout not only for Ulster Bank customers, but also for customers of other banks who have been affected.

The system failure at RBS in the UK has had a major downstream impact on Ulster Bank's payments systems. Our national payments system has responded to this incident quickly and effectively, by putting in place arrangements and measures to ensure that certain transactions were re-routed through a contingency payment gateway for electronic clearing to facilitate bulk payments such as large corporate payrolls and social welfare payments, on behalf of Ulster Bank. Aspects of the national payments system contingency plans, established on direction of the Central Bank last year, were invoked and proved effective and some of these measures will remain in place until the resolution of the Ulster Bank incident allows for a full return to normal operations.

The precise details of what happened, how and why it occurred, and the manner in which this technical failure at RBS was able to have such a damaging impact on the customers of Ulster Bank, have yet to be established. Through the requirements we are putting on Ulster Bank and through our own work and that of the UK authorities, a full incident report will be produced. It is only through establishing the detailed facts behind this failure that we can fully assess what needs to be done, both at Ulster Bank and, as necessary, at other banks in the system, to ensure that such an incident does not recur and if it does, that it will not have the impact that this particular case has resulted in. However, it is clear that the arrangements for an IT systems failure have not operated as expected at Ulster Bank and, as a first step, the Central Bank has instructed all banks in the Irish clearing system to review their contingency plans and to formally reconfirm that a robust recovery capability is in place. These will be reviewed in light of the lessons learned from this experience.

There is a risk assessment process in place for the Irish payments system. The process is co-ordinated by the Irish Payments Services Organisation, IPSO, overseen by the Central Bank. In light of the ongoing incident at Ulster Bank, the IPSO board has agreed, at our request, that an independent review of the risk assessment methodology be conducted by an independent risk management firm to ensure it is as robust as possible. The recommendations from this review, in conjunction with the findings from the RBS investigation, will drive a number of actions to mitigate the risk of recurrence. The Central Bank has worked proactively to ensure that appropriate actions have been taken to minimise the impact of this external shock to the national payments system. There has been strong industry support and collaboration to provide contingency payment processing solutions for Ulster Bank. The Central Bank has ensured that the national payments system and the other banks that participate within it stand ready to offer further support to Ulster Bank if this is required.

In conclusion, I wish to assure the committee that the Central Bank has taken the most serious view of this matter and is acting accordingly. Our focus in the comings days will continue to be on ensuring that Ulster Bank and RBS resolve their payments backlog as quickly as possible. We will remain engaged at the highest levels in Ulster Bank and RBS on this matter. Our immediate priority is that everything possible should be done to facilitate and accommodate customers until normal service resumes. We will seek full and proper restitution for those customers from Ulster Bank. The Central Bank will continue with its own examination and will also continue to work closely with the UK authorities in order to expose fully the causes and downstream effects of this incident. We will remain engaged with all Irish banks and IPSO regarding contingency planning and risk management to mitigate the risk of recurrence and to avoid any repeat of this in the Irish market.

I have a few questions for the purpose of clarification. In the first instance I ask for clarification on the powers of the regulator which is the Central Bank. We know there are codes in place such as the consumer protection code and the minimum competency code. There may be other codes. I want to get the context. Mr. Sheridan has expressed concern and annoyance and he has identified one or two actions the Central Bank proposes to take. What is the context in which the Central Bank can take action from the point of view of its powers?

This incident originated at RBS. Ulster Bank relies on its parent organisation RBS to process transactions. We will be investigating with the FSA to find out what went wrong at the RBS level. We will be investigating, with the FSA, what went wrong at the RBS level, but we will also focus on Ulster Bank's response, initially and subsequently, to what has happened. Our powers relate to Ulster Bank as we are the prudential regulator of Ulster Bank and it must comply with our conduct of business rules. We have clear powers relating to Ulster Bank in Ireland. We also have powers when things go wrong, in terms of taking enforcement actions. I will not go into those today in respect of what might come out of this, as we must carry out the investigation and ensure there is a thorough analysis of what went wrong and Ulster Bank's role in that.

Nobody expects you to go into what what you specifically propose to do with regard to compliance actions, but we would like to know what the context is for those types of action being taken, for example, the type of enforcement actions the Central Bank can take. We might have questions about the specifics later but I can understand that you will not signal now a particular action you propose to take. What are the types of action you can take? Presumably, those two codes apply to Ulster Bank.

Yes. What applies to Ulster Bank is that this is the area of operational risk, where its operations have basically failed to deliver the service to the customers. There are various elements to that. One can look at what we have done in the past in terms of actions we have taken against other banks, insurance companies and other providers where there are systems and controls issues and failures and where we have taken regulatory action. Those actions include, for example, imposing fines on the firm, imposing fines on individuals where they have been found to be responsible, restricting business and so forth. The previous actions we have taken have been imposing restrictions and fines, but that follows a detailed investigation.

The specific incident in this case is described as a technical failure which occurred in Edinburgh. You have said a few times that the details will only emerge after a full investigation which has yet to be established. The Central Bank must have some insight into what occurred. It is almost three weeks since whatever happened on 19 June, so we are seeking an overview, at least, as to what is involved here.

It is important to note that the problem is ongoing and the primary focus of the Central Bank is on ensuring that all is done to minimise disruption for customers and ensure RBS and Ulster Bank rapidly recover the situation. While the situation is ongoing we continue to meet with RBS and Ulster Bank on a daily basis and we have gathered the following information.

A software patch was applied to the core retail banking system of RBS Group on Tuesday evening, 19 June. We were advised that the software patch caused the RBS Group retail banking system to fail. We understand RBS decided to attempt to speed up the recovery of the Ulster Bank aspects of that and this attempt at a faster recovery failed and caused an additional delay to the recovery period. It has taken RBS and Ulster Bank several days to recover the capability to commence processing customer payments. It has taken RBS longer than one elapse day to recover one day's processing and this has caused the bank to be a number of calendar days behind its normal schedule. In our ongoing discussions we see evidence that RBS has improved the recovery times. We are pleased to see from today's statement that RBS and Ulster Bank have accepted that it will take them at least another two weeks to recover the backlog.

These events give rise to many questions for RBS and Ulster Bank. Did the IT controls fail at RBS and, if so, why did those controls fail? Why did the NatWest and RBS banking systems recover in considerably faster times than the Ulster Bank systems? What management control and governance were applied to the attempt for faster recovery? Why has the recovery of one day's processing taken longer than one elapsed day? Could Ulster Bank, and not RBS, have taken different courses of action in its recovery steps? The Central Bank, with the UK authorities, will address these questions and other matters in our investigation of this incident. Our current focus is, as outlined by Bernard Sheridan, to ensure the bank remains focused on customer and recovery.

That is a very good question. We have the same question. Until we carry out the investigation we cannot say that this is what actually happened. There is the initial incident, the response to that incident and what happened at that time. Finally, there is the question of why its contingency plans failed to deliver a speedy response. Those questions remain unanswered. We are getting information from RBS, Ulster Bank and the UK authorities about what has happened and what is going on, but they are valid questions and we will not have full answers to them until we complete our investigation.

I thank Mr. Sheridan, Mr. Molumby and Mr. O'Neill for appearing before the committee today. Mr. Sheridan used some strong language in his opening statement and I welcome that. I would like to have heard it much earlier. Obviously, this is primarily an issue for Ulster Bank and its representatives will appear before the committee tomorrow, when we will ask them some hard questions too.

I wish to address the role of the Central Bank first. The response from the Central Bank was too slow. We heard nothing from it in the first few days of the crisis. I visited the Central Bank's website on the Saturday morning after the Wednesday when this problem became apparent but there was no reference to what was happening in Ulster Bank. When the Central Bank issued a statement on the Sunday, it was inadequate. It merely referred people to Ulster Bank. The Central Bank is the regulator of Ulster Bank and the other institutions as well as being the consumer watchdog, and I would like to have seen far more up-front and active engagement in a public realm. Perhaps this was happening in the background but the Central Bank should have reassured people earlier and publicly that it was on top of the situation and was actively involved.

To get to the core of the issue, Mr. Sheridan said that this software patch issue arose on Tuesday, 19 June, and it came to his attention on Wednesday, the following day. He will recall that the response from the bank at the time was that it would clear the backlog over the following weekend, that the technical issue had been resolved and that normal service would resume by the following Monday. Compare that to what the bank is saying now, two weeks later. Its statement today refers to expecting gradual but significant and noticeable improvements throughout the remainder of this week and next week and states that it expects that by the week of 16 July the vast majority of customers will return to a normal service. It is not even saying that all customers will have a normal service by 16 July. The goalposts have shifted a number of times and the bank has mishandled the entire affair. It is clear that it was not on top of the issue when it first broke. Perhaps it did not have a handle on the scale of the problem, but the misinformation that was given by the bank contributed to an already bad situation for customers, and this is all about the customers.

I hope the witnesses have the answers to some pertinent questions. Does the Central Bank know how many transactions have yet to be processed by Ulster Bank? Does it know the scale of the backlog the bank is currently facing? How many days of normal activity would be represented by that? Mr. Molumby referred to that issue a while ago. How many people are affected? Ulster Bank is now acknowledging that it is significantly in excess of 100,000 people, but how many on the island of Ireland have been directly affected by this? Is Mr. Sheridan satisfied that it is merely an issue of clearing the backlog? It probably took more time than was readily acknowledged to deal with the technical issue, so is it simply a case of clearing the backlog? Are all automated payments, for example, going through in the normal way? It is important for us to deal with that.

People will ask the key question as to why there was no contingency plan. Why was there not a back-up system that could have been activated when the software patch failed? It also raises questions about the other banks' disaster recovery plans, to which I will revert in a moment.

Apart from remaining in contact with Ulster Bank, the RBS group and the FSA in the UK, does the Central Bank have people on site today in Ulster Bank's headquarters supervising the recovery process and ensuring that everything possible is being done?

As regards assessing Ulster Bank's and the other banks' capacity to deal with issues like that, Mr. Sheridan said he has instructed all banks to review their contingency plans and formally reconfirm that a robust recovery capability is in place. That goes to the heart of the problem. The Central Bank is asking the banks to review their own plans and reconfirm that a proper recovery capability is in place, but that is not sufficient. We must move beyond that.

Mr. O'Neill was honest enough to admit that the Central Bank does not have the expertise to deal with the banks' IT systems, but that poses the fundamental question as to how one can regulate what one does not have expertise over. As the consumer watchdog and regulator of these institutions, how can the Central Bank ensure that it has full public confidence in its ability to deal with these affairs when Mr. O'Neill has acknowledged that the Central Bank simply does not have the IT expertise to properly interrogate and handle these systems? That is what goes to the heart of this matter.

Mr. Sheridan referred to a comprehensive restitution plan for customers, which he expects from the bank. What does he envisage such a plan would involve? Customers have already been assured that they will not be out of pocket, but does Mr. Sheridan expect Ulster Bank to go further than that and compensate people for the inconvenience and loss of working time? Many people have had to visit branches, including at weekends, to access cash to maintain some standard of living. Does Mr. Sheridan have any idea as to why RBS and NatWest in the UK seem to be so far ahead of Ulster Bank in resolving the difficulty? They are not quite there yet, but they are ahead of us. There is a suspicion that Ulster Bank is being treated as the poor relation in all of this.

Taking up the Chairman's point, is the Central Bank satisfied that it has sufficient powers to deal with a crisis such as this one? The Central Bank (Supervision and Enforcement) Bill is before the Oireachtas and went through Second Stage in the Dáil last October. We have not yet seen it brought forward to Committee Stage some nine months later. Does the Central Bank need additional powers or are its existing powers adequate to deal with a situation like this? In other words, could the Central Bank have done any more if it had had additional powers?

In respect of our initial response being slow, our focus at the beginning was to ensure that it was resolved very quickly. We were monitoring the situation from when we were first informed of it on 20 June. As we monitored it over the following weekend, it became apparent that this solution was not going to be delivered as the bank had committed to doing. That is why we felt we needed to issue something publicly, which we subsequently followed up during the following week. We have, therefore, been focused on the issue from the beginning. Maybe we should have issued something sooner, but our priority was trying to get it resolved. When it became apparent over the weekend that was not going to happen, we issued a statement on Sunday morning.

We share the Deputy's frustration and concern about the changing timelines for resolution. I have already said in my statement that we are critical of the communications. For customers of Ulster Bank the critical issue is when it will be finally resolved and when they can have confidence again in Ulster Bank's systems. We have been pressing them to be clear with customers on that. We welcome the guidance they issued earlier today in terms of giving some idea as to when it will ultimately be resolved. We are not satisfied, however, as to how they have been handling their communications.

As regards the scale of this, it is difficult for anyone to estimate at this stage how many people have ultimately been impacted. Certainly, within Ulster Bank most of its retail customers and the SME sector have been directly impacted. However, a large number of people outside Ulster Bank, who are customers of other banks, have also been impacted. We will be working to ensure that the restitution programme not only covers Ulster Bank's customers - in terms of costs and charges incurred in respect of its failure - but also the wider issue of the inconvenience that customers have had to suffer simply because Ulster Bank and RBS could not deliver the system and service.

We have been on site since this issue first arose. We are on site with Ulster Bank and have close contact with the UK regulator, the FSA, in terms of its involvement with RBS's Edinburgh headquarters.

In addition to the restitution plan, there are other aspects - for example, the credit ratings of individuals - that may perceive that one has missed a loan repayment. We have been pressing Ulster Bank to work with the Irish Credit Bureau to ensure that does not happen. We are also pressing it to work with other utilities and service providers to ensure that customers are not impacted.

In respect of why Ireland is so far behind the UK, we do not know the full answer to that. Initial indicators were that, the way the system was designed within RBS, Ulster Bank featured third in the process - that its transactions were processed third in the queue. That certainly contributed to the initial delay when this issue first arose, because the system was disrupted at a point in time and clearly Ulster Bank was affected by that. Maybe if it had been earlier in the queue it would have been less affected.

This is about the issue being resolved but we need to be careful what we mean by that and what Ulster Bank means by that. The impression might be that it has resolved the problem, but what it means by that is that the technical problem that occurred in the system has been sorted. However, the impact that has had is far from being resolved at this stage. We have been assured from the highest level in RBS that Ulster Bank has not been de-prioritised. We have those assurances, but it is something that we will be looking at as we carry out our investigation.

I will now ask Mr. O'Neill to deal with the issue of expertise.

I would like to address the Deputy's question on how we can supervise banks if we do not have IT expertise. In addition, the Deputy raised questions about the adequacy of contingency planning in the banks, and why the contingency planning did not work in the case of Ulster Bank, or RBS as it is, in effect. To put it in some context in terms of our supervisory approach, we adopt a risk-based approach to supervision which is very common. It is the best-practice approach to supervision. One of the key risk areas that we examine is what we call operational risk. These are risks that processing systems and premises fail, and that the bank has a proper review and assessment processes in place - what we call an operational risk framework - to continually asses and review all of those processes and systems.

We approach the supervisory job by examining those processes and looking at outputs from the assessments and reviews they do. In addition, the institutions all have internal audit functions which cyclically review various aspects of the control functions. Indeed, they review the effectiveness of the operational risk function. Therefore, we review all the outputs from all these types of functions in the banks. If the banks are not taking what we deem to be adequate action, we impose actions upon them through risk negation plans with specific times and actions for delivery.

On top of all of that we look at the robustness of those functions, the internal audit function and the operational risk function, so that we are satisfied that they can offer a suitable challenge and test and assess the appropriate functions. We focus on key areas in an institution and we deem what the key risks are. A lot of the work that we spoke about under operational risk and internal audit would be fairly routine but we also put a particular focus on key areas of risk which, currently in the environment that we are going through, is in the area of loan losses, credit risk, liquidity and capital adequacy through stress testing. A lot of effort goes into those areas.

Under the operational risk heading we include business continuity planning and contingency arrangements. We look at a bank's arrangements for business continuity planning and see that those plans are put through a rolling testing process. We look at the adequacy of those plans in terms of their coverage and we make sure that they are kept up to date and go through proper governance processes in the institution. A lot of institutions have done work around these areas quite recently.

One of the issues in the Ulster Bank case was that their centralised processing function was based in RBS in Scotland. It is remote to Ulster and is managed by the RBS Group and, therefore, primary responsibility rests with its group operations. This is not to say that the Ulster management and directors do not have a responsibility, of course they have. In any outsourcing situation there is a keen responsibility on the entity management and directors to ensure that those arrangements are suitable and that there are appropriate contingency facilities in that outsource environment. The issue here is that we found during the course of this event that the Ulster Bank's knowledge of its back-up and contingency arrangements was somewhat insufficient and lacking and that will definitely form part of our post-event work.

In this instance there was an IT issue that was promptly addressed. The real issue then was when the system was restored nobody had anticipated that had a backlog developed when the system was down, processing the backlog would cause such issues as it has. As Mr. Molumby mentioned, it took more than 24 hours to process something that would normally take one day or be processed in a much shorter time.

From a supervisory perspective we also work with the UK authorities who have a responsibility for managing and overseeing the supervisory arrangements in RBS. That work is done through what we call supervisory colleagues. There is an ongoing dialogue with the UK regulators and there are regular meetings and conversations to discuss key matters. There is a much more formal process whereby we all get together for a number of days annually to discuss all of the issues surrounding the various aspects of the group. It is through those means that we gain an insight into any weaknesses that they have identified in RBS that might impact on Ulster and vice versa. It is fair to say that none of those issues around contingency planning were identified in any of those previous meetings. That is the context of how we go about trying to assure ourselves.

There is one issue that I did not respond to earlier and that is our powers. We are seeking additional powers through the new Bill in terms of increasing the fines that we can impose upon firms and, in other areas like a consumer redress schemes, the ability to apply those in situations where, across the system, consumers are affected and in terms of protections for whistleblowers. We are due to get additional powers. I do not think that we are looking for more powers on top of that but we will use those powers when we get them.

I thank the delegation for attending today. I understand that its immediate concern must be to deal with the problem and to ensure that everything is back up and running as quickly as possible. I welcome the fact that the organisation has talked about liaising with the Irish Credit Bureau. It is essential because people have experienced real and practical problems, both businesses and ordinary households. Bills have not been paid and the matter needs to be dealt with. The organisation has talked about restitution. People can put up with such disruption for a few days but they are really scared now because their bank does not seem to be able to get on top of the problem. They worry that if it can happen once then it may happen again.

I welcome the review of all of the contingency plans in all of the banks, notwithstanding the point made by Deputy Michael McGrath on the Central Bank's ability to supervise. It seems to me that we are moving inexorably towards a cashless society but that depends on us having absolute confidence that when money is lodged in a bank that one can still has access it and that the bank system works. This event is the first demonstration that the system might not work. What if it happens again? If I were an Ulster Bank account holder, which I am not, I would hold on to my cash and not depend on the bank. I do not need to tell the delegation what would happen if everybody did that. Is it a worry for the delegation?

The Central Bank is dealing with the immediate problem. Does it view the event in terms of the implications it has for the entire banking system? If it happened in one bank it might happen in others. Perhaps it is a wake-up call. I understand that there are more cash transactions in Ireland than in most developed societies. I have heard that the population is moving towards conducting their financial transactions on mobile telephones. The recent technical difficulties puts a dent in such progress. I would like to hear about the bigger picture.

Before I outline the bigger picture I wish to say that we share the concerns expressed by the Deputy. People have contacted us directly and we know people that have been directly impacted by it. This morning the Ulster Bank issued guidance on how much longer the difficulties will last. From our perspective we are going to remain on top of it until normal service is resumed. That means every customer's accounts must be up to date and they must have full access to their accounts and know exactly where they stand. We will not let up on the matter until that happens.

The committee will meet the Ulster Bank tomorrow and the bank will explain the current situation. We believe that it will get there. In this instance recovery should have happened within a matter of hours rather than days but it has dragged on for weeks. Confidence in the system is an issue. I would caution against advising people to keep cash at home because there are also serious issues around that. Deputy Mitchell said that the banking difficulty has put a dent in the confidence in the system. The system is only as good as an individual bank's systems. Despite the Ulster Bank relying upon its parent company that operates in a highly regulated environment in the UK things do go wrong. Things will go wrong and errors will happen. The problem has been how the bank has dealt with it and the delay in getting through it. We have the same concerns but we will stay on top of the matter until it is fully resolved. Restitution will be part of that. One cannot say that the matter is fully resolved until people have had their accounts put right again. I shall now ask my colleague to comment on the wider system.

The issue here concerns the core processing of a bank's system in terms of its ledgers, and updating its accounting and facilitating payments. As I understand it, whether it was through the ATM channel, the over-the-counter channel in branches or the Internet channel, direct debits, standing orders and all of the relevant payment instruments have been impacted upon. It is important to see this matter in the context of the fact that there has been a significant shock to the payment system. That system consists of all of the players, products and instruments and a set of rules and procedures that have been developed to facilitate the transfer of payments across the system, both domestically and internationally, and, hopefully, on a without-borders basis in the EU area. The payment system has absorbed the shock. That is no great comfort to Ulster Bank customers who have been affected by events. The other banks, in conjunction with the Irish Payment Services Organisation, IPSO, have put in place remedial actions to support Ulster Bank. As Mr. Sheridan indicated in his opening statement, aspects of the relevant contingency plan have been invoked in order to support the bank. The other banks stand ready to further accommodate Ulster Bank, if appropriate.

While we would have to focus on remedial action in respect of Ulster Bank customers who have been impacted upon by what occurred, downstream the national payment system absorbed the shock and has reacted speedily in order to accommodate everyone as best as possible. I say this notwithstanding the fact that very significant upset has been caused to those customers.

I welcome our guests and I thank Mr. Sheridan for his opening statement, even if it has arrived somewhat late in the day. Mr. Sheridan referred to the situation relating to Ulster Bank as "appalling", "exasperating" and "inexcusable". I welcome his use of those words because there is a great deal of anger among the customers of Ulster Bank who paid the latter a handsome profit in the past through the payment of charges, fees and interest. In addition, senior officials within the bank are handsomely paid. The customers to whom I refer are looking to the regulator and the Central Bank to ensure that their interests are protected.

Mr. Sheridan indicated that Ulster Bank's communication with customers has, at times, been exasperating. He is correct in that regard. However, the same thing could be said about the Central Bank. I take on board what Mr. Sheridan said with regard to the latter being genuinely concerned with seeking to rectify the problem. When people could not obtain information from Ulster Bank, they sought it from the regulator and the Central Bank. However, it was not forthcoming. The statement issued by the Central Bank nine days after the crisis began to unfold was eight lines long and did not contain any of the adjectives used earlier by Mr. Sheridan to describe the situation. In my view, this statement failed to provide any comfort or explanation to Ulster Bank's customers in respect of what occurred. When Deputy Michael McGrath and I raised this matter in the form of a Topical Issue in the Dáil last week, the Minister for Finance referred to statements made by the governor of the Bank of England in order to describe the appalling nature of what has happened in Ulster Bank. The Minister's Department could not find suitable adjectives in the Central Bank's initial statement to highlight the nature of what has befallen the customers of Ulster Bank. Having said that, I still welcome the statement made by Mr. Sheridan.

The previous speaker referred to the Irish Credit Bureau. The Minister indicated previously that Ulster Bank will work with the latter and with the other banks. For various reasons, people do not have faith in the banks. Even when customers hear that Ulster Bank and the other banks are going to liaise with the Irish Credit Bureau to ensure that their credit histories will not be affected, they still worry. Is the Central Bank in a position to confirm that no person who missed a payment as a result of the catastrophe at Ulster Bank will have a black mark placed against his or her name by the Irish Credit Bureau? A simple reassurance from the Central Bank in this regard would be welcomed by customers.

Ulster Bank and the Royal Bank of Scotland have stated that the reason the former has been left on the hind tit is as a result of an issue relating to sequencing and that it had nothing to do with the fact that there were Irish customers involved or that the British had recapitalised the latter. Mr. Sheridan and our other guests have indicated that the Central Bank's priority was to ensure that the matter would be resolved as quickly as possible. Is Mr. Sheridan satisfied that it was impossible for this issue to be dealt with in a much quicker way? Was it the case that Ulster Bank had to be the third of the three institutions involved to have its problems resolved? Has the bank presented a factual version of the events relating to this matter?

The committee is due to question officials from Ulster Bank tomorrow. In the context of the powers of the Central Bank in the area of regulation, Mr. O'Neill stated that the bank reviews the processes and risks involved and that if it is not satisfied with these, it can impose risk mitigation plans. Did the Central Bank review the process and risk relating to the recovery capability of Ulster Bank? I appreciate that this matter was centrally processed in Edinburgh. However, the Central Bank is responsible for regulating any bank that operates in this State. Did it review the process relating to that bank's recovery capability? Did it examine Ulster Bank's contingency plan? Why did the Central Bank not identify the fact that an IT failure could occur? Why has that matter not been dealt with? If it has been dealt with, how did the Central Bank get matters so wrong. I welcome the review relating to Ulster Bank and its processes but the regulator must indicate how it did not identify the fact that a scenario such as that which has occurred could arise.

I understand that it is not possible to foresee every possible scenario. However, Mr. Sheridan stated that the Central Bank wants the banks to reconfirm that they have robust recovery capabilities in place. I presume they previously confirmed that the appropriate systems in this regard were in place and that the Central Bank reviewed these. As Mr. Sheridan indicated, if the Central Bank was not satisfied with these it had the power to impose risk mitigation plans. Why did this not happen in respect of Ulster Bank? This problem first arose on 19 June last. Four hours ago Ulster Bank circulated an e-mail to all Deputies informing them that normal services will resume for the vast majority of customers. The bank is, therefore, indicating that almost one month after the current difficulties first emerged some of its customers will still not have access to normal services. That is absolutely ludicrous.

The Royal Bank of Scotland is under scrutiny by the FSA in Britain. There are a number of reasons for this, one of which relates to the mis-selling of interest rate hedging funds. The latter offer protection against interest rate increases which might arise in the future. The Royal Bank of Scotland did not inform of the downsides of such funds and has been fined as a result. Is Mr. Sheridan in a position to confirm that Ulster Bank did not participate in mis-selling of that nature in this State?

I hear what the Deputy is saying in respect of communications from the Central Bank. I reiterate that our priority was to try to resolve the matter. As soon as the communications problem became apparent, we went public on it. However, I hear what the Deputy is saying with regard to the comprehensiveness of our statements.

In terms of the Irish Credit Bureau, I am satisfied that there is a process in place to ensure that no customer will have a black mark placed against his or her name as a result of the Ulster Bank incident. I think people can take comfort from that.

We are not 100% happy in respect of the issue of sequencing, particularly in the context of why Ulster Bank was last in the queue. It is surprising that the sequencing led to the bank being third in the queue. That is the way the system was set up, according to RBS. It led to an initial problem and when the initial problem arose the banks seemed to be behind the problem rather than addressing it before the problem arose.

My concern is how Ulster Bank was dealt with after the event. My colleague has explained as much as we know of what happened after the event and how Ulster Bank attempted to resolve the problem. That led to additional delays in respect of Ulster Bank. The backlog that arose made it more difficult to recover the backlog. We have received assurances from RBS that there is no agenda in terms of Ireland being put behind the UK. Should Ulster Bank continue to be in that position, where it is at the end of the sequencing, we will examine it.

I will ask my colleague, Mr. Shane O'Neill, to respond on the issue of our powers in respect of regulation and risk mitigation plans.

A number of questions arose regarding the view of the Central Bank in respect of Ulster Bank's contingency planning and whether we found problems with it and, if so, why we did not impose risk mitigation actions and, if not, why it happened. I have already described the approach we take. In the case of Ulster Bank, processing takes place in Edinburgh. From a contingency perspective in Ulster Bank, our view is to see that it has a hot site so that in the event of a system going down or premises being out of action, it can get to a hot site in a relatively short period and be up and running on a back-up system in a back-up premises and that it has all of the information it needs to conduct business as usual and the space necessary to house the necessary people to conduct business as usual. That is the extent of the contingency arrangements we expect it to have in place in this country. RBS must have contingency arrangements for the group if it is the group processor. We do not supervise the contingency arrangements for RBS. That is a supervisory function of the UK authorities who undertake a supervisory role in respect of the RBS bank. We did not have an issue with the arrangements in Ireland. The UK authorities did not bring to our attention any issue they had with the arrangements in the UK. There may be lessons to learn from this when a review is undertaken in the near future.

I appreciate that the witnesses said all they considered was whether the bank had a hot site and a second backup. Experts say they should have gone online there and done the patchwork. That has happened. The issue that faces us is not the IT disaster but the recovery. Has the Central Bank ever thought about the idea that something could happen, leading to backlog? The witnesses know banks better than anyone. Has the Central Bank never thought about disaster planning if the system goes down and the fact that there would be a backlog of payments and a need for a recovery plan? Earlier, we heard it was taking more than a day to deal with a day's payments so the recovery plan is entirely inadequate. The bank does not have additional staff or computers or whatever is needed. Did the Central Bank not consider this issue in order to be satisfied about contingency plans?

It appears that none of RBS, its auditors or any of those examining its contingency arrangements identified the fact that processing a backlog could take six times more than it would take to process the same size batch of transactions in next day processing. That is the main problem. They did not realise that processing the batch that is a number of days old takes so much longer than processing a batch in its normal slot. That is due to the various validity and integrity checks the system automatically performs on data when it is being processed. That timeframe was not anticipated.

We expect contingency plans to be sufficient to cover a scenario like this but it did not. The Chairman correctly points out that they have only gone one or two days behind and we must question why this is such an issue to resolve. We do not know for certain what happened and the implications of their intervention following the initial problem. Why did it cause such an impact and why were the contingency plans inadequate to deal with the backlog that ran into a number of days? These are questions that remain to be answered.

The question is not for Ulster Bank but for the Central Bank witnesses as regulators. If we park Ulster Bank and imagine that, God forbid, there is a problem with Bank of Ireland and it goes off-line for two or three days. We will then have a backlog. My understanding, from the witnesses' comments to the committee, is that the Central Bank has not reviewed any processes within Bank of Ireland, AIB and Ulster Bank in respect of contingency planning for dealing with backlogs. The only issue the Central Bank has been concerned with heretofore is the hotspot to ensure that the bank can get online if it goes offline. If that fails, there is the legacy issue to which the Chairman adverted. The regulator has not been dealing with this. Will the Central Bank ensure all banks have a contingency plan to deal with the backlog so that we do not have to wait five weeks in future for normal service?

All banks are required to have a contingency plan. They are tested by the banks, not specifically by us. Their systems are not tested by us but the banks are required to test them. The fallout and the lessons learned, in terms of the impact to the customers of Ulster Bank, must feed into the wider system.

I do not have to hand the exact number of accounts in Ulster Bank. Most of their customers are affected by this but I do not know the exact figure. It is a substantial amount.

The difficulty for SMEs is that they need access to banking in order to be able to manage their business. Ulster Bank, as I am sure it will explain tomorrow, has been engaging with representative bodies of small businesses to ensure it is dealing with the issues that arise. They have arrangements in place but these are temporary arrangements to allow small businesses to gain access to funds. It is not a satisfactory arrangement and it causes additional risks and imposes additional costs on small businesses. It is a temporary emergency situation.

We can only deal with the temporary measure given that we are in the middle of the problem. Is Mr. Sheridan saying with certainty that small and medium-sized businesses are being facilitated? It will be interesting to see what happens when people hear that.

Does the Central Bank monitor the updating of software packages? Is there a procedure to monitor such updates or are spot checks carried out when software packages are added?

What we have in the Ulster Bank is a system failure. What we need to ascertain is that the banking sector within this country does not have the same system failure and the information that is being given to the regulator is true and accurate. That has not always been the case in the past for what were known as "independent audits". It is not good enough for the banks to tell the Central Bank that they have carried out an internal audit on hotspots and that it is accepted as fact. That is how we got into trouble in the past. That seems to be what Mr. O'Neill is saying.

If the internal audit function of a bank performs a task, we accept that the task has been performed by it properly. We will review its assessment of the outcome of its findings and see if we agree with it. If we do not we will then have some concern about its methodology and we will impose our own requirements.

From the answer I would have concerns about the Central Bank's methodology. Reference was made to fines, which are all very well but that does not deal with the public. The fine has been increased from €5 million to €10 million. One cannot budget for the effect on the economy and confidence in the banking sector.

As a regulator, would the Central Bank consider making it a requirement that international banks with major retail sections must set up a segregated system to avoid the problems we now see with the Ulster Bank whereby its Irish operation is third in the queue? It would make sense to ensure some confidence within the Irish sector that there should be a requirement to set up a segregated system. Does Mr. Sheridan agree with that?

If we discover that it was a major contributory factor to this inordinate delay in restoring normal service, that is certainly something we would take up with Ulster Bank. We will not promise that we will introduce such a measure across the board. We must find out first whether it was a key factor in the delays that have arisen and the fact that the contingency plan did not work.

It strikes me that if the ESB left several thousand customers and businesses without electricity for three weeks there would be a major uproar. We must get to the bottom of the issue. We might not get there at this meeting but we must review the systems and how they are tested. The economy could not take a shock like this if it were the Bank of Ireland or AIB. We must review the situation, listen to the evidence given and if we have further questions ensure that they are answered at a later stage.

Has the Central Bank been briefed well on what happened? We are talking about systems failures and technical glitches but we are still at the back of the queue in terms of getting answers to what happened. Do we really know how the system in Ulster Bank crashed and how such a scenario came about? The committee still does not have such information. It is important that we would hear from the Central Bank about what exactly happened. It seems that people were messing with the system and did not back it up before they did so and that when they tried to correct the problem they exacerbated it. How much detail has the Central Bank been given by the Royal Bank of Scotland as to what exactly happened in Edinburgh two weeks ago that caused such a major catastrophe for the Irish banking system and has caused such a horrendous crisis for so many?

This issue is still unresolved in terms of a resolution for customers and us really knowing why it happened, how it happened and how both RBS and Ulster Bank responded. I am not comfortable that we know all of the facts at this stage. However, we are dealing directly with RBS as well as Ulster Bank. We are dealing with them at the highest level and at a technical level. We are also getting the same information as the United Kingdom regulators in respect of the situation. We are also dealing directly with the United Kingdom regulator in terms of being comfortable with what we are being told. Until we complete our review I would not like to say that we have all the facts at our disposal. That has yet to happen.

To get the public behind what is going on we must put information into the public domain about what happened. It is fine to say we do not know exactly what happened and we are examining what occurred. Something simple seems to have gone wrong a couple of weeks ago. Even if they have to change what is going on I am sure that in the headquarters of Ulster Bank, the Royal Bank of Scotland and the regulatory body in London there are daily briefings on what happened and how it is being resolved. The public is no more informed now about what happened. They have been told there were technical problems and a few glitches but we should be getting a much clearer picture as to what happened and what is being done. I am sure most committee members got the press release from Ulster Bank. It is another of those candy floss statements that does not add anything to our knowledge. It is imperative that the Central Bank, which is the regulator – that is why it is in before the committee today – give us much greater detail on what has happened, even if the information has to be changed in two weeks' time. We are two weeks into the crisis and we are told that there is at least another two weeks to go before the problem will be fully resolved. We should have a hell of a lot more information about what is going on. The public deserve that, not us.

There are different elements to this issue. There is the initial cause of the problem, then there is how the bank responded to that and then why the contingency plans failed. We do not know exactly what happened in respect of those three. We will be investigating the matter. Our priority at the moment is to try to resolve the issue and to ensure that the contingency Ulster Bank has in place for its customers is working. I accept the frustration that is evident about why we do not know the full detail. The detail will emerge in the end.

The frustration is not about why we do not know the full details. We have very little detail. The Central Bank conducts IT and internal audits of the banks, which provide information on their IT systems. Clearly, a major bank has made substandard provision for its IT system. The information that is being given to the Central Bank on a daily basis should be made public so that we can make a realistic evaluation. If the banks are self-regulating their IT systems and substandard contingency plans exist, a system could fail dramatically again. We have gone to the trouble of calling the witnesses to attend. At this forum, people can get a sense of whether an issue is being dealt with adequately. I am not interested in getting a report in three months' time when the situation is over. We should know now, even if the Central Bank must modify what information it requires of the banks. We should know more about what has happened and what is being done about it rather than simply being told that something is being done.

To give Deputy Twomey some assurance and information concerning the Central Bank's involvement, the Central Bank has people on site in Ulster Bank every day. Our executive has met the Ulster Bank and Royal Bank of Scotland, RBS, executives at the highest level to ask questions and to get the details required. It has been at our-----

I apologise for interrupting and I will allow Mr. Molumby to reply, but I am anxious that we make as much progress as possible until we get to a point at which it looks as if we can make no further progress. We are all busy people and have other things to do, but Deputy Twomey has targeted an issue. The witnesses explained that there were two phases, namely, the technical issue and the follow on. We understand that, but Deputy Twomey's point is that whatever occurred on the night must be ascertainable. The Central Bank might not know what it is. Did the system mysteriously stop functioning or was there human error?

From our daily engagement with Ulster Bank, which I have outlined, we have been told that a software patch was applied to the core RBS group retail banking system on the evening of 19 June. The patch caused the system to fail. The group's technology focused on recovery actions. Given the way in which the system is built, that is to say, as per their acquisition history, we were told that Ulster Bank was third in the queue following RBS and NatWest.

I do not wish to interrupt. I am not a network expert, but if a system is appropriately backed up before someone adds problematic software to it, recovery entails loading the backup and restarting the process. It seems that someone messed with the system before backing it up. If that is the case, it could happen at any time.

With respect, if Mr. Molumby cannot answer my questions, he should get answers from Ulster Bank, RBS or the English regulator and publish them on the Central Bank's website. People who are wondering what happened to Ulster Bank and whether the same will occur at other organisations should be able to read about the situation on that website. If it is as foolish an issue as someone messing with the system and causing it to crash without adequately backing it up, it is a question of human error and not much can be done about it. However, if there is a broader problem with the computer system, in respect of which the Central Bank has a monitoring function, the situation is more serious and the public should know about it. I am not an expert on the software or the hardware involved, but these are simple issues.

I am not casting aspersions. Given the magnitude of the issue, we would have expected everyone who met Mr. Brown to be in attendance at this meeting, particularly Mr. Elderfield. This is an important point.

The Central Bank has provided a four-page summation on the situation, but it contains no explanation and we do not know when the matter will be rectified or people will receive restitution. I am open to correction, but it is my understanding that after RBS took over NatWest and certain software functions were outsourced, the new system did not deliver sufficient capacity and a decision was taken to revert to the old system. When that occurred, the software's compatibility was not restored. When the system was rolled back, whoever was operating the system did not realise that a compatibility procedure needed to be conducted.

The outsourcing of such functions have wider implications for Central Bank regulation. Banks need to realise that their IT systems are probably the most important element of their banking operations. The concern is that decisions on saving costs are being made at a non-technical level. Does this have implications for banks' day-to-day workings? Was there outsourcing? My understanding is that the experts were not aware that they needed to make the system compatible when they rolled back to the old system. What resources are being put in place by Ulster Bank and Royal Bank of Scotland, RBS, to ensure the issue is rectified? It was indicated that the "national payments system has responded to this incident quickly and effectively by putting in place arrangements and measures to ensure that certain transactions were re-routed". I know people who are paid on a weekly basis but those payments are not hitting the bank accounts. Why is Ulster Bank not giving an overdraft facility to a certain level to ensure people can function? That is not good enough and people are entitled to know the position.

Mr. Elderfield should have been here today, although that is not a poor reflection on the witnesses, rather a reflection of the scale of this issue. We need to know when RBS and Ulster Bank will rectify the system, and it is not good enough for Ulster Bank to indicate one thing with RBS in the UK indicating something else. At this time we do not know when the system will be rectified. A person may be outside the system and put two and two together from what has been said. If outsourcing is part of the problem, have questions been asked about it? Are other banks outsourcing information technology systems and could that have a potential effect? It appears that the new system was functioning, although it was not efficient. As it was slow, it was decided to roll back the system until they got the process up and running. It was not made compatible with the older system and the data was corrupted.

Ulster Bank customers are worried but there are wider implications. A person with a small business with Ulster Bank cannot get paid by customers, and people on social welfare are also under pressure. The Central Bank regulates the banks in Ireland and it is very important to have confidence at a banking level and in the measures put in place by those banks. Will the witnesses address the outsourcing issue?

I will come to that. To know exactly what has happened and for us to relate that publicly, including why it happened and the response, we must thoroughly investigate the matter. The Deputy would have seen from communications by Ulster Bank and RBS that the issue has changed a number of times from when it initially arose. We are focusing on the resolution but there are questions as to who is responsible and if somebody made an error or back-up systems did not work. We do not want to come out in advance of these detailed questions being answered. We do not want to make a statement when something else may have happened.

There is an impact on people's lives. They have had to queue at the banks, example. Each account would probably have a normal monthly run in the bank. If people are being paid regularly, they would have certain regular bills. The banks, in a simple measure, could provide a person with an overdraft facility on a temporary basis to enable them to function. This is in preference to them having to go physically to branches, etc.

I am sure the representatives of Ulster Bank can answer that specifically. My understanding is the bank is facilitating customers with access to funds. If people show identification, the bank considers the normal transactions in an account over a month and provides access. I do not know if the bank is specifically providing overdrafts.

People are being facilitated by having to queue at length in banks. In this modern day and age, people should not have to do this. We are representatives of the people. Currently, the balance of power is with the bank rather than the customer. In some way there should be a measure where the banks are required to provide a facility for customers. A date for resolution must be set out, and a measure should be put in place so that people can function normally until the date of resolution comes about.

It is not good enough for the bank to indicate this is a resource issue and it cannot get programmers or software engineers to get the systems up and running. This appears to be a meandering process and there appears to be an acceptance that whatever Ulster Bank comes out with is fine as the bank is doing its best. I do not buy that and we should have something more. Will the Central Bank get a date by when the issue will be conclusively resolved? Will it consider putting in place measures for the consumer in the interim?

People having to go to a branch over a number of weeks is not appropriate or acceptable, but that is the way the bank is providing access to funds for customers. That method is delivering for those customers, but as a longer-term measure, it is not enough. The bank has also provided facilities where people are unable to get to branches or are abroad, etc. We have pressed Ulster Bank on all those issues.

The question on overdrafts can be answered tomorrow by the representatives of the bank. There may be issues in the system if it is to be set up, although that would be a secondary matter to providing the funds.

The Deputy asked about getting an answer on the date by which this would be sorted. The announcement which came out today was as a result of pressure from the Central Bank to have RBS make a statement on its best estimate. We are considering the evolution of these processing times every day, with the batches at various stages and some detail on the various payment streams. The estimate the bank has given is reasonable at this point, given what we have seen to date.

I welcome the delegation from the Central Bank. Its members constitute the team dealing with the issue, and I accept they are the most reliable and informed people to speak to on the topic. It is an unprecedented issue in Irish banking - exasperating, unacceptable and inexcusable. I also note the Central Bank's concern for the customer. The Central Bank has had to examine how this emerged and how it is developing and it continues to do so. As the deputation has indicated, there has been a change in developments since 19 or 20 June. In a sense we are shooting in the dark until the Central Bank has established all the facts. It is important that when the representatives of the Central Bank have established all the available facts they make the report to the Chairman immediately or come back to us, whatever the Chairman deems to be the right way to proceed at that stage. The Chairman noted, having regard to the RBS statement, how far he believes we are from that.

Is the fitness and probity process complete in the case of Ulster Bank? Are there any outstanding legacy issues? As a result of what has occurred in our recent history there is a concern that there should be a suitable clear-out at board and management level. I call on the deputation to deal with this matter with reference to Ulster Bank since it is in the frame at the moment. The Central Bank cannot be satisfied that there will be no other system failures in the other banks. This point was touched on by some of the other questioners.

I accept that the Central Bank representatives are not experts in this area but perhaps they will comment on the information they are relying on with regard to the tests and any further examinations. As the authority and the regulator of all banks, when will the Central Bank be in a position to say it is suitably on top of the situation with regard to the systems in operation in all banks? This is vital for the whole economy and for all payment processing systems.

I will come to that. In the case of Ulster Bank, to the best of my knowledge, all senior executives are new. I cannot think of anyone who is not new at chief executive officer, chief financial officer or chief risk officer level. I have referred to the case of directors already but there are other categories of people we regard as critical for the overall process. There are pre-approved control function posts. These include the senior members of the control functions in each of the banks. The banks have submitted these to us in accordance with the guidelines and requirements we issued last year. The legislation only became effective in December of last year. By the end of December we received the list of all people who were in pre-approved control functions. By March of this year the banks confirmed to us that they had carried out the necessary due diligence. They have until the end of this year to go to the next level for all control functions in the bank. That is the current position.

I have no wish to be glib but I am unsure if we could ever be satisfied. We must be continually diligent. Systems continue to improve, evolve and develop. If we sat back for one moment and decided that we were satisfied we would probably be out of date immediately. We must remain diligent. We do so through the supervision function which Mr. O'Neill has outlined and through our oversight function under the national payments system.

I can explain the detail of the oversight function and how we operate if so required, but suffice it to say that we monitor the procedures and processes that the clearing companies operate to ensure that there is efficient, safe and resilient transaction processing between the banks and in the interbank system. I am keen to emphasise that not for one moment could we ever be complacent. We have called on the Irish Payment Services Organisation to review its risk management methodology as a result of what has taken place. We must finalise our investigation into the Ulster Bank incident to ensure that the other banks have learned from it and that they will apply an appropriate review of controls arising from it.

Let us suppose the Central Bank does the best it can. Will the investigation take weeks or months to complete? We will not hold you to anything specific but can you give us a general sense of how things look? Mr. O'Neill referred to the information received by the Central Bank. Given what the Central Bank has now been told about the date by which this might be resolved, do you believe it is a realistic date, even though the other deadlines were all passed? Does the Central Bank think this is realistic based on the information and what has been observed? If the Central Bank does the best it can, how long will it take to get to the bottom of this and produce a report?

Assuming Ulster Bank can restore normal service to all its customers, our next priority is the restitution programme. Our priority will be to ensure that it is comprehensive and that it is rolled out as quickly as possible to people. The investigation will take longer than a matter of weeks. It will take place at group level in RBS and we will be working with the UK Financial Services Authority in that respect but we also have to examine the Ulster Bank element in respect of its input and how it has failed. I imagine it will take more than a matter of weeks.

The committee should bear in mind that it will take Ulster Bank some time for every account to be brought up to date exactly. There will be issues, some of which were referred to earlier, in terms of the large backlog the bank must get through. Then, a considerable clean-up remains to be done after the systems are back and working properly.

Is it realistic to expect that there would be some conclusion within a period of four months? That is not unreasonable. A net event occurred on 19 June, a specific event occurred relating to a certain patch. That could be investigated in respect of what precisely occurred, who did it, what the patch was for and so on. The legacy issue is more complex and relates to how the bank responded and the manner in which it dealt with customers given the so-called glitch that occurred.

The British Government is considering a parliamentary investigation into the Libor controversy to conclude by the end of this year. This case involved one bank and one event. I do not underestimate the impact that it had but it was a net event that took place during one night. I realise there are legacy issues as well. I wish to pick up on what Senator Paul Coghlan stated. The committee could have some relevance here. Can the Central Bank give us a ballpark idea? If it is not a matter of weeks, would it not be unrealistic to suggest it could take a short period of months?

I thank the deputation for coming in and I welcome in particular my former colleague, Mr. Paul Molumby. I wish him good luck and he has my best wishes following his recently appointment in the Central Bank. Let us try to consider this apart from the overview interruption of systems and the conduct and operations of the bank. I wish to share the voice of a private citizen who is in business in a small way. He has an SME with seven employees. I do not know this gentleman but he sent me an e-mail the day before yesterday. He stated that he is a constituent from Dublin South living in Ballinteer who voted for me at the last general election. He wrote to express his deep concern about the situation at Ulster Bank and his deep disappointment with the political response from the Government and the lack of action by the Central Bank. His company has significant funds in an Ulster Bank account which it cannot access. The bank will not answer its phones to talk to customers or give one one's money if one goes into the branch. The gentleman claims that if the bank is actually bust – he suspects this may well be the case – he will be out of business, with the loss of seven jobs, and that those who need money for day-to-day living expenses must borrow from family and friends to pay for food for their families. This, according to the businessman, is a national disgrace. He implores me to speak out on behalf of the ordinary people. He believes that while I may be an ex-banker, I am an honest man, and that I should, therefore, do the right thing by his company. He signs himself "Citizen Sean, managing director". While the political dimension may provoke a little laughter, one should realise this is a true story that indicates where people are hurting. The business in question has seven employees. They are borrowing from brothers and sisters and other family members just to meet cash requirements.

Deputy Twomey said the PR response by the bank is a fog. It is institution speak whereas the language in the e-mail is real speak. The software patch that was used and introduced to the systems had a devastating effect. Not alone did it freeze the accumulated records that would have been backed up daily, as is customary, such that any items that must be reprocessed can be reprocessed on an integrated and valid backup system from the previous day, but it also seems to have contaminated or somehow corroded, in a retroactive way, the cumulative records to date. That is very serious. That is a systems breakdown. It is like the electronic circuitry of a house being damaged through the installation of a patch. If this is the case, we need to know about it.

We need to know the observations of the external auditors in addition to those the Central Bank may have employed to consider what happened. The external auditors have a function in regard to the truth and fairness of the profit and loss account and balance sheets for and at a given period. They also comment on the extent to which books and records are in agreement with the accounts and to which the books and records, which include the systems, have been properly kept. If there are not stand-by facilities for a banking system whose essential business is all about securing the integrity and timeliness of record-keeping and analysis, without any blips or gaps, there is a problem. It is the essence of a bank's business. It is absurd that we cannot have factual reports on this now as opposed to three months time. As a matter of fire-brigade checking, we need to ensure the other two main banks in the economy can stand over their existing and stand-by systems. This should be done immediately.

My colleague, Deputy Kevin Humphreys, implied Ulster Bank's accounts probably constitute up to 25% of all banking business in Ireland. That would be like 25% of electricity users being without electricity or with unreliable electricity. Being given candles would equate with queuing for cash, and that is not good enough. We, therefore, need a fire-brigade response to double-check the other systems.

My remarks are in the context of the overall banking industry. At balance-sheet level, the architecture went all wrong because banks were essentially deregulated. Balance sheets ignored the prudential principles of keeping loan-to-deposit ratios right. That is what led to the credit bubble. Now we have operational mismanagement or underperformance, and it needs to be addressed urgently.

It is of concern that Deputy Mathews has a constituent in the circumstances described because, as far as we were aware, such individuals are being accommodated, although, as I said, the mechanism is not ideal. It is not a question of whether the bank is bust, because that is clearly not the case, but of whether it is providing the service it should be, even in this stressful scenario. We will certainly pursue this if the Deputy is not doing so, because what the Deputy outlined is not what we are being told.

In the 35 minutes during which the delegates were telling me they were totally confident that the small and medium-sized businesses were being serviced, Deputy Mathews could produce e-mail from the day before yesterday telling a different story. In fairness to the individual concerned, he has a problem. What we really want to know is the truth about small and medium-sized businesses. That Deputy Mathews could receive an e-mail of the kind in question within such a short period makes me question the information of Ulster Bank. I hope the Central Bank is not accepting the information Ulster Bank is giving to it at face value because that is exactly how we got into trouble before.

We are in contact with the Ombudsman, the National Consumer Agency and other consumer bodies to determine how Ulster Bank customers are being affected and what they are hearing on the ground. We are not just relying on Ulster Bank. The Deputy's point in this regard is a fair one. Relying on the bank alone is not what we should do.

Deputy Mathews made a valid point on the impact of systems problems, not only on Ulster Bank but also on small businesses' ability to know their balance at the end of the month, the half year and year.

The point on external auditors is a fair one. The Deputy asked about their role in the assessment of the systems. That certainly will be part of our review.

Mr. Molumby will speak on the wider review.

In regard to the national payments system, we have engaged with IPSO and have requested it to undertake a review. It committed to doing so using an independent risk-management firm. That will help and we look forward to seeing the review and working with the banks. From our engagement with the other banks, I know they are keen to understand the issues within Ulster Bank. They are keen to apply the learnings, whatever they may be.

Deputy Mathews referred to the impact of the patch and the recovery therefrom. We need to be cautious in respect of dealing with what we know. A full incident review is necessary before we can make a judgment. Questions need to be answered about the IT controls, how the incident was managed, whether the recovery actions were appropriate and how the recovery actions were governed. There are a number of questions that need to be dealt with before we make a judgment and learn lessons in respect of individual banks' payment systems and the broader Irish payments system.

I welcome the gentleman from the Central Bank. There is a matter much more alarming than the crisis affecting Ulster Bank and its clients. We should be alarmed by what we heard today in so far as it is apparent now that the Central Bank does not have the capacity to monitor effectively on behalf of the citizens of the State the IT systems in banks. There is more than €60 billion of national debt arising from light-touch regulation but it is only apparent now that there is something to fear more than light-touch regulation, that is, zero regulation. Mr. Sheridan stated that the Central Bank does not have the capacity to monitor the contingency systems of banks.

We are meeting here to discuss the role of the Central Bank in monitoring the Ulster Bank crisis but, as I stated, if there is something we must fear more than light-touch regulation, it is zero regulation. It is extraordinary. Some of my colleagues questioned why Mr. Elderfield is not here. I would have thought, on the basis of this being an IT system, that we would have somebody in here from the Central Bank, if not Mr. Elderfield then from the Central Bank's IT expertise who would be able to give us some reassurance about what happened and what reach the Central Bank has in respect of its dealings with all banks on IT issues.

We are also meeting here today to be reassured that the Central Bank is ahead of the game but it is clear that the Central Bank, like us, is watching the game and is being told rather than being in charge or being the effective policeman of the banking system. It would also appear it does have IT expertise at its disposal. This is at a time when the State has put countless millions of euro of additional resources into the Central Bank and several hundred additional personnel. In terms of Central Bank structures internationally, is it the norm that central banks do not have in-house IT expertise but that in such matters they are a prisoner to the willingness or otherwise of the individual banks that they monitor to police their own IT systems? It is a glaring weakness, particularly at a time when we are moving towards there being fewer cash transactions and more online banking, that such deficit in the Central Bank's structure would become apparent today.

This meeting has revealed something useful, that there is a glaring weakness. This is not necessarily a criticism of the gentlemen personally and I do not wish to personalise this. There is a glaring weakness in the structure of the Central Bank of Ireland in so far as it has a capacity or a willingness to delve into this issue of IT supervision of banks. That is alarming. As I stated, if there is something we must fear more than light-touch regulation it is zero regulation and it appears that the Central Bank, like us, is following the game rather than being in the game in terms of getting an effective response. That is by way of an opening observation. It is something which we, as a committee, need to look at in far greater detail.

I would like to know how many additional staff have been recruited in the Central Bank since 2008 and how many of those are in the IT sector. How does that structure of the Central Bank's supervisory role compares with other similar-sized central banks operating? I am tempted to make the observation that the idea of an EU-wide supervision of banks becomes ever more appealing because this is a glaring inefficiency which needs to be addressed.

I noted somewhere, in either the presentation today or some of the media comment - we have seen so much of this that I must apologise that I cannot source it accurately - that this is an IT issue and no commercially sensitive information has been compromised in any way in respect of businesses that have been impacted. I would like the Central Bank to give us the categoric assurance that no commercially sensitive information of customers, and businesses, in particular, has been in any way compromised. Given that the bank does not have, by its own admission, that IT reach and appears to be going on the word of RBS, NatWest and Ulster Bank, I would like to know that the Central Bank can stand over the assurance these banks are giving that no commercially sensitive information has been compromised.

Finally, in respect of the resolution of this issue, is the Central Bank insisting that a system be put in place which ensures that this centralised processing function will in future simultaneously restore the system for all customers of RBS, be they of the subsidiaries or of the bank itself, in other words, that Paddy will not be asked to wait at the end of the queue as is the case at present.

I do not agree with Deputy Creed's conclusion on the biggest issue he raised in terms of our capacity to monitor banks. If we have given that impression, then that is a false impression. We have put significant additional resources and expertise into the monitoring of the banking system and Mr. O'Neill can explain in detail the numbers involved. We have introduced a new risk-based system in terms of how we monitor high-impact firms and the resources that we allocate to those firms are appropriate to the nature of the firm.

This is not peculiar to Ireland in terms of the role of the Financial Regulator testing the banks' systems themselves. That is what we mean by not having the capacity. We would have to replicate their systems in order to test them. Mr. O'Neill explained earlier our approach in that regard where we expect the banks to test them. Those tests are conducted by independent persons, depending on the specific area. There is no point in me pretending to the committee, or giving it the impression, that we test the banks' systems in this space. We do not. That is not typically a function of a regulator.

On Deputy Creed's point, perhaps this can resolve a concern that I have in my own mind, which is why I raised it at the outset. Mr. Sheridan states that the Central Bank does not have the capacity to act. One reading of that statement is that the Central Bank does not have sufficient resources to so do. Another reading of it is that it would not in any circumstances ever be appropriate for a central bank to do that. If the latter is the case, Mr. Sheridan should say so, or else indicate it arises from a policy decision or that the UK authorities will do it anyway.

Deputy Creed put his finger on what the Central Bank is actually saying. Deputy Creed asked - I believe Mr. Sheridan was moving towards the answer - what is the norm internationally. Do central banks generally stress test or otherwise test the IT systems?

Let us benchmark it against the best system in the world, whatever that is. I do not know whether it is that of the United States and I had better not say. Does the best, most well-equipped system do it?

As far as we are aware, they do not. The Chairman's point on whether it is appropriate is valid. My view would be that it is not. The issue with Ulster Bank and RBS is this significant failure of their contingency plans to kick in to deliver the service that is expected and, by us going in and testing, there is no way we can give an assurance that systems failures will not occur. They will occur and our job is to ensure that they are managed by the institutions so that they are minimised.

A whole range of issues arise which are not purely around the information technology aspect of the problem. How were the collateral issues managed? Why did the controls to which Mr. Molumby referred not work? What checks and balances were in place? What action was taken when the problem was discovered? Who made the relevant decisions and on what basis? Were these decisions consistent with the contingency plan Ulster Bank has in place?

It is a fair analogy, which is the reason we do not want to jump to conclusions as to what took place and the implications of that for the wider system, as to what are the lessons. We need to do a thorough investigation. There is a danger of jumping to the conclusion that the problem was only with IT systems as the issue could be wider than that.

I will make two observations. The Chairman's analogy of the accidental spill in the supermarket is fair. The Central Bank's focus is to get out the Jeyes cloth and mop up. We are in that phase of the accident in this case. Ulster Bank is a number of days behind, customers continue to be impacted upon and we are pressing and engaging it and the RBS Group to ensure the mop-up is done so as to get to position zero.

With regard to the technology review, my expectation from the oversight of the payment systems is that there will be a very detailed technology review by technology professionals with substantial years experience, including a number of experiences of high profile incidents, an understanding of where the technology and control failures were and a technology response to them. I am sure other parts of the bank will look at how management responded and dealt with the issues. This type of experience cannot, by any means, be found on the shelf. It is highly specialist and I have no doubt, although I am not fully familiar with the issue, that these are very complex and specialist systems that will require substantial expertise to understand what went wrong and to put that into a language we would expect and which will allow us to ask questions so as to give the confidence that the matter has been restored correctly.

I will address one point made by Deputy Creed. He made a fair point in asking whether we are simply bystanders observing events. It is clearly up to RBS to deliver a systems resolution and we are monitoring that, as are the UK authorities. From that perspective, his assessment is a fair one but that is not all we are doing. We are in Ulster Bank on a daily basis, engaging with the regulatory authorities in the UK at the highest level and engaging with RBS directly, rather than relying solely on our engagement through Ulster Bank. It is also important to note that the outcome of this process will be that Ulster Bank will have to provide restitution for people for the inconvenience that has been caused. The investigation into the failing to be carried out after the event will be done thoroughly and will produce findings against Ulster Bank. As to whether this event is a complete failure of the system, we will ensure customers are ultimately restituted and carry out an investigation. The UK authorities will do likewise.

As with other public representatives I received an e-mail just after noon today stating that next week will be the final week of significant delays at Ulster Bank and it is expected that in the week beginning 16 July, the vast majority of customers will return to a normal service. Ulster Bank has a significant presence in County Clare. It has a large bank in Ennis and a considerable number of customers, especially in south County Clare. In the meantime, these customers, in particular, small businesses, will endure extraordinarily difficult circumstances. They are unable to pay their suppliers, notwithstanding the moneys in their accounts, and are continuing to serve customers in good faith in the hope and expectation that standing orders have been made and payments received. They must operate blindly and in the hope that people who say they are paying them are doing so and that their suppliers will continue to extend them credit. If they are wrong, will they receive compensation? Is a compensation scheme in place or will a guarantee scheme be put in place? They have already endured two weeks of this problem and must face a further two weeks of it.

Deputy Mathews outlined difficulties experienced by some of his constituents. I am hearing of similar cases in my constituency. People expect something more than hope that the matter will have been resolved in two weeks because they will continue to incur losses in the meantime.

As I stated, our priority is the resolution of the problem. After that, it is to ensure Ulster Bank has a comprehensive restitution programme in place. We are already working with the bank on that issue. Our emphasis and the issue on which we will push the bank is compensating people for any loss they may have incurred as a result of the lack of provision of service by the bank.

The internal controls of a bank are examined by auditors who test whether the books and records of the company or bank are being properly kept, its systems are properly integrated and there are no weaknesses. The Central Bank, as a regulator, has the power to request the record of control weaknesses made by auditors after they have carried out their tests. It should exercise this power. The audit tests are focused on all the methods of keeping books and records. For a bank, this includes everything from petty cash books through to systems and the patches applied to systems. The internal and external auditors must form a view at the end of the year that the profit and loss account for the year is a true and fair record of the result for the year and the balance sheet is a true reflection of the assets and liabilities of the bank. They can only do this if they have adequately and reasonably tested all the systems and records that go into collecting all the relevant information. There is no express rule that states central bankers and regulators must test IT systems. However, to protect members of the public and the financial system of the economy, it is incumbent on the Central Bank to ensure that whatever professional tests are done by those competent, authorised and licensed to carry them out are done fully, regularly and effectively. That is the position in a nutshell.

I will use the Chairman's analogy involving two phases, the spill and clean-up phases. We were given clarity as regards the spill when we were informed that the Central Bank does not have or want this expertise because it is not available on the shelf. I understand that position and given that such expertise is independent, there is nothing to indicate Central Bank expertise would be better than independent expertise.

Mopping up the spill and addressing the backlog is not an IT issue but a processing issue.

I seek a similar level of clarity as was provided earlier. Did Ulster Bank provide a contingency plan that would have dealt with such a scenario and did the Central Bank approve the plan? I am not clear in this respect. In the case of the IT system, I understand that independent analysis is involved and that the Central Bank will take the word of the independent person, as that is reasonable. As for the mop-up of this spillage, were I a manager of a supermarket I would not be able to prevent someone from spilling a carton of milk. However, I would want to make sure that I had a mop bucket and a mop to hand. Did the Central Bank ensure Ulster Bank had the processes on hand to deal with the backlog with which customers of that bank are now faced?

From my experience of working in the private sector, it strikes me that we always operated on the basis that one tried not to test quality into the product but tried to get it right. My concern pertains to the other banking institutions as if this can happen in Ulster Bank, there is contagion. I am also concerned regarding the quality of the information given to the regulator and how that information is challenged and checked. Mr. O'Neill gave answers to questions earlier with which I was unhappy. However, it comes down to the question of how one can ensure the risk is kept to a minimum and acceptance of whether the information that comes from the auditor is truly independent.

To keep to the Deputy's analogy regarding the mop-up, I will reprise the question as to whether we are satisfied with the mop-up. As Mr. Sheridan noted in his opening statement, "it is clear that the arrangements for an IT systems failure have not operated as expected at Ulster Bank". As was articulated earlier, for the first number of days both the Central Bank and Ulster Bank - I honestly do believe - expected to resolve the issue over the weekend. As I outlined, Ulster Bank took certain actions to remediate that but failed. It then found itself with a backlog of a number of days. We have been engaging with the bank on a daily basis to understand and to get clarity on how it has been recovering from that position. While we have seen evidence of progress in this regard, the situation has not recovered. At our pressing, Ulster Bank has released a statement to the effect it will take the institution at least another two weekends to complete the mop-up. After this has been completed and the customers have been put back into normal operations, this review must examine how this mop-up has taken place. However, I do not believe for a moment that we can be satisfied with what has happened or the outcome thus far.

In the witnesses' closing statements, they should incorporate whether the issue of competence arises when an individual states something can be resolved over the weekend but ultimately, it turns out it cannot. In other words, I refer to a scenario in which a person, who has applied his or her level of expertise and knowledge to a problem, has indicated it can be sorted out within two days when it must have been manifestly clear it could not. Does this not pertain to competence?

To revert to the point made by Deputy Pearse Doherty on the contingency plan, the people operating under that plan were working on the basis that they would not be behind significantly in respect of a backlog. They found themselves in that position, particularly with regard to Ulster Bank, over the weekend in question. They had some experience of dealing with the systems problems on foot of dealing with RBS and NatWest and applied that experience to make various assumptions when estimating a timeline for when Ulster Bank would be back up and running. Obviously, this must be verified and I am not signing off on it but as far as the Central Bank is aware at present, what appears to have been a significant problem is they were behind for longer than the contingency plan envisaged. In itself, that has created significant problems for them in catching up. In respect of repairing the files for the automated running, they have encountered significant problems that are at least partially related to the fact that they are a number of days behind. The question is whether one would state someone is incompetent because he or she has led people to believe a problem would be resolved on a Monday, before he or she actually got into the work and discovered the difficulties. It probably was premature on their part and they made assumptions that did not stand up to the test. However, I will not therefore conclude they were incompetent at this point.

In response to Deputy Michael McGrath's question on whether the application of the patch on a Friday night would have led us to being in the same position, that issue must be covered in the review. My understanding is that good practice is that major upgrades are made at a time when there is time to recover from them. However, that must be-----

I have a question that was not answered earlier pertaining to the mis-selling of hedge funds in which Ulster Bank's parent group is involved and for which it has been prosecuted and fined. Can the witnesses provide information to put members' minds at rest that this is not happening at Ulster Bank?