This week I’ve been reading through the recent judgment from the Swedish FSA on the Swedbank outage. If you’re unfamiliar with this story, Swedbank had a major outage in April 2022 that was caused by an unapproved change to their IT systems. It temporarily left nearly a million customers with incorrect balances, many of whom were unable to meet payments.
After investigation, the regulator found that Swedbank had not followed its change management process and issued a SEK850M (~85M USD) fine. That’s a lot of money to you and me but probably didn’t impact their bottom line very much. Either way, I’m sure the whole episode will have been a big wake-up call for the people at the bank whose job it is to ensure adequate risk and change controls. So, what went wrong, and how could it have been avoided?