• At Kemp Little, we are known for our ability to serve the very particular needs of a large but diverse technology client base. Our hands-on industry know-how makes us a good fit with many of the world's biggest technology and digital media businesses, yet means we are equally relevant to companies with a technology bias, in sectors such as professional services, financial services, retail, travel and healthcare.
  • Kemp Little specialises in the technology and digital media sectors and provides a range of legal services that are crucial to fast-moving, innovative businesses.Our blend of sector awareness, technical excellence and responsiveness, means we are regularly ranked as a leading firm by directories such as Legal 500, Chambers and PLC Which Lawyer. Our practice areas cover a wide range of legal issues and advice.
  • Our Commercial Technology team has established itself as one of the strongest in the UK. We are ranked in Legal 500, Chambers & Partners and PLC Which Lawyer, with four of our partners recommended.
  • Our team provides practical and commercial advice founded on years of experience and technical know-how to technology and digital media companies that need to be alert to the rules and regulations of competition law.
  • Our Corporate Practice has a reputation for delivering sound legal advice, backed up with extensive industry experience and credentials, to get the best results from technology and digital media transactions.
  • In the fast-changing world of employment law our clients need practical, commercial and cost-effective advice. They get this from our team of employment law professionals.
  • Our team of leading IP advisors deliver cost-effective, strategic and commercial advice to ensure that your IP assets are protected and leveraged to add real value to your business.
  • Our litigation practice advises on all aspects of dispute resolution, with a particular focus on ownership, exploitation and infringement of intellectual property rights and commercial disputes in the technology sector.
  • We have an industry-leading reputation for our outsourcing expertise. Our professionals deliver credible legal advice to providers and acquirers of IT and business process outsourcing (BPO) services.
  • We work alongside companies, many with disruptive technologies, that seek funding, as well as with the venture capital firms, institutional investors and corporate ventures that want to invest in exciting business opportunities.
  • Our regulatory specialists work alongside Kemp Little’s corporate and commercial professionals to help meet their compliance obligations.
  • With a service that is commercial and responsive to our clients’ needs, you will find our tax advice easy to understand, cost-effective and geared towards maximising your tax benefits.
  • At Kemp Little, we advise clients in diverse sectors where technology is fundamental to the ongoing success of their businesses.They include companies that provide technology as a service and businesses where the use of technology is key to their business model, enabling them to bring their product or service to market.
  • We bring our commercial understanding of digital business models, our legal expertise and our reputation for delivering high quality, cost-effective services to this dynamic sector.
  • Acting for market leaders and market changers within the media industry, we combine in-depth knowledge of the structural technology that underpins content delivery and the impact of digitisation on the rights of producers and consumers.
  • We understand the risks facing this sector and work with our clients to conquer those challenges. Testimony to our success is the continued growth in our team of professionals and the clients we serve.
  • We advise at the forefront of the technological intersection between life sciences and healthcare. We advise leading technology and data analytics providers, healthcare institutions as well as manufacturers of medical devices, pharmaceuticals and biotechnological products.
  • For clients operating in the online sector, our teams are structured to meet their commercial, financing, M&A, competition and regulatory, employment and intellectual property legal needs.
  • Our focus on technology makes us especially well positioned to give advice on the legal aspects of digital marketing. We advise on high-profile, multi-channel, cross-border cases and on highly complex campaigns.
  • The mobile and telecoms sector is fast changing and hugely dependent on technology advances. We help mobile and wireless and fixed telecoms clients to tackle the legal challenges that this evolving sector presents.
  • Whether ERP, Linux or Windows; software or infrastructure as a service in the cloud, in a virtualised environment, or as a mobile or service-oriented architecture, we have the experience to resolve legal issues across the spectrum of commercial computer platforms.
  • Our clients trust us to apply our solutions and know-how to help them make the best use of technology in structuring deals, mitigating key risks to their businesses and in achieving their commercial objectives.
  • We have extensive experience of advising customers and suppliers in the retail sector on technology development, licensing and supply projects, and in advising on all aspects of procurement and online operations.
  • Our legal professionals work alongside social media providers and users in relation to the commercial, privacy, data, advertising, intellectual property, employment and corporate issues that arise in this dynamic sector.
  • Our years of working alongside diverse software clients have given us an in-depth understanding of the dynamics of the software marketplace, market practice and alternative negotiating strategies.
  • Working with direct providers of travel services, including aggregators, facilitators and suppliers of transport and technology, our team has developed a unique specialist knowledge of the sector
  • Your life as an entrepreneur is full of daily challenges as you seek to grow your business. One of the key strengths of our firm is that we understand these challenges.
  • Kemp Little is trusted by some of the world’s leading luxury brands and some of the most innovative e-commerce retailers changing the face of the industry.
  • HR Bytes is an exclusive, comprehensive, online service that will provide you with a wide range of practical, insightful and current employment law information. HR Bytes members get priority booking for events, key insight and a range of employment materials for free.
  • FlightDeck is our portal designed especially with start-up and emerging technology businesses in mind to help you get your business up and running in the right way. We provide a free pack of all the things no-one tells you and things they don’t give away to get you started.

The cost of poorly performing IT and intra-group outsourcing in the FS sector - it could be higher than you think

The recent spate of large regulatory fines handed down to Royal Bank of Scotland, NatWest and Ulster Bank, for serious technology and governance failures, demonstrate how critical the understanding, control and oversight of IT systems have now become within the financial services sector.

The fines- £42m by the Financial Conduct Authority , £14m by the Prudential Regulatory Authority  and a further €3.5m (£2.75m) fine by the Central Bank of Ireland respectively, relate to a serious IT malfunction in 2012, which left customers unable to access and use key banking services.

The €3.5m fine levied on RBS owned Ulster Bank is the largest ever imposed by Irish financial regulators, who claimed that the breach had “threatened confidence in the operation of the retail banking sector”. The bank has already paid out €59m in compensation to customers, under a redress scheme overseen by the regulator. Additionally, the fines imposed by the FCA and PRA represent the first time the regulators have taken joint enforcement action.

Clearly, the failure of vital IT systems will not go unnoticed by regulators, and should act as an incentive to businesses operating in the financial sector to actively take steps to pre-empt and allocate the risks of such IT failings, rather than face harsh, and avoidable, penalties later on.

The Facts

The incident in question dates back to June 2012, where an IT meltdown left around 6.5m customers in the UK, and a further 600,000 customers in Ireland, unable to access or use their bank accounts. Normal service was not resumed at the bank until 28 days later. Naturally customers were left outraged, while senior staff attempted to reassure the media that the bank had identified the glitches and were actively fixing the fault.

Initially, the problem was thought to stem from a decision to outsource IT work to contractors based in India. However, upon scrutiny during the subsequent investigation, it became apparent that the problem was primarily the result of “intra-group outsourcing”, where vital IT services, including critical management and risk assessment systems, had been outsourced to the wider RBS Group (which owned Ulster Bank). Specifically, the failure involved a glitch which occurred when key account processing software was upgraded, causing compatibility problems which resulted in millions of accounts being automatically frozen.

It is not the first time that intra-group outsourcings have been found to cause problems in the FS sector. In the UK, Zurich was fined £2.3m in 2010, for the loss of customer data by their South African entity, to whom they had outsourced services .

Problems with intra-group outsourcings

The consequence of the intra-group outsourcing was that key management personnel at the banks retained little oversight, and did not fully understand the IT systems they had in place, nor did they have an appropriate contingency plan for dealing with the risks of such serious IT meltdowns. In essence, the bank did not adequately understand its own infrastructure and software, which were critical to the daily operation of customer banking transactions. These were highlighted as “systematic weaknesses” during the investigation, while Jim Brown, Ulster Bank’s chief executive, accepted the findings in full and admitted that resilience in the bank’s IT systems must “significantly improve”.

What Can FS Sector IT and Outsourcing Customer and Suppliers Learn From This?

  • Lesson #1: There is no defence to an issue just because it is caused by a third party outsourcer.  Comments made by the Irish Central Bank should re-enforce the importance of having a thorough understanding of any technologies relied on, and adequately ensuring risk is appropriately allocated.  “While the Central Bank recognises IT outsourcing is a feature of modern banking business, it is no defence for regulatory failings”. The regulator also stressed that “Ultimate accountability for compliance remains with firms and they must ensure they maintain oversight of outsourced activities.”
  • Lesson #2: Those clauses which deal with losses for failures, and discuss regulator fines, investigations and remedial action are not just “theoretical”. There are numerous practical examples of these issues, and unlike other types of regulator fines (e.g. enforcement by the Information Commissioner’s Office under the Data Protection Act 1998), they are not subject to any cap or limit.
  • Lesson #3: The ongoing digitisation of banking services has naturally caused many banks to spend more money on the front-office IT aspects of their businesses, which has made outsourcing an attractive option. However, this incident serves as a warning that suitable IT processes, oversight and safety nets must remain in place. The contract with the supplier remains a good place to capture many of these – but not the only place. The risk decisions, policies and procedures of the regulated business must be properly documented and followed.

For more information, please contact Andrew Joint or Tom Sutherland.