Incident: Faulty Software Used for Screening Suspicious Transactions at Deutsche Bank

Published Date: 2019-05-22

Postmortem Analysis
Timeline
1. The software failure incident at Deutsche Bank happened before May 22, 2019, as per the article [84917].
2. Published on 2019-05-22.
3. The software failure incident likely occurred in early to mid-2019.

System
1. Screening software used by Deutsche Bank to detect suspicious customer transactions [84917]

Responsible Organization
1. Deutsche Bank [84917]

Impacted Organization
1. Customers of Deutsche Bank were impacted by the software failure incident as the faulty software was used to screen customer transactions for suspicious activity [84917].

Software Causes
1. The software failure incident at Deutsche Bank was caused by faulty software used to screen customer transactions for suspicious activity [84917].

Non-software Causes
1. Lax money-laundering controls: Deutsche Bank was already under fire for lax money-laundering controls, which contributed to the failure incident [84917].
2. Failure to report suspicious transactions: The bank failed to report multiple transactions involving legal entities controlled by Donald J. Trump and Jared Kushner to a federal financial-crime watchdog, despite recommendations from anti-money-laundering specialists [84917].

Impacts
1. The software failure incident at Deutsche Bank led to a blow to the lender's reputation, especially as it was already under fire for lax money-laundering controls [84917].
2. Shareholders expressed an extraordinary level of anger, leading to a movement to vote on a lack of confidence measure in bank management at the annual meeting [84917].
3. The incident may result in pressure on the chairman, Paul Achleitner, to step down before his term's scheduled end in 2022 [84917].

Preventions
1. Implementing thorough testing procedures: Proper testing of the software could have potentially identified the faulty screening functionality before it was deployed [84917].
2. Regular software maintenance and updates: Regularly updating and maintaining the software could have helped in preventing such errors from occurring [84917].
3. Enhanced oversight and monitoring: Implementing stricter oversight and monitoring mechanisms for the software's performance in detecting suspicious activities could have helped in catching the issue earlier [84917].

Fixes
1. Implementing thorough testing procedures to identify and rectify software faults before deployment [84917].
2. Conducting regular audits and reviews of the software to ensure its effectiveness in screening customer transactions for suspicious activity [84917].
3. Enhancing communication and collaboration between the software development team and regulatory authorities to address any issues promptly [84917].

References
1. Germany’s Süddeutsche Zeitung newspaper [84917]
2. The New York Times [84917]

Software Taxonomy of Faults

| Category | Option | Rationale |
| --- | --- | --- |
| Recurring | one_organization | (a) The software failure incident has happened again at one_organization: Deutsche Bank acknowledged using faulty software to screen customer transactions for suspicious activity, indicating a software problem within the organization [84917]. (b) The software failure incident has happened again at multiple_organization: There is no specific mention in the provided article about the software failure incident happening at other organizations. |
| Phase (Design/Operation) | design | (a) The software failure incident at Deutsche Bank was related to the design phase. The faulty software used to screen customer transactions for suspicious activity was a result of software problems in the bank's efforts to curb money laundering activities. The bank acknowledged the error and stated that they are working on correcting it as quickly as possible [84917]. (b) The software failure incident at Deutsche Bank was not explicitly mentioned to be related to the operation phase or misuse of the system. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident at Deutsche Bank was acknowledged to be due to faulty software used to screen customer transactions for suspicious activity. The bank confirmed the software problems within its system that affected its efforts to curb money laundering activities. The bank stated that they are working on correcting the error as quickly as possible [84917]. (b) outside_system: The articles do not provide specific information indicating that the software failure incident at Deutsche Bank was caused by contributing factors originating from outside the system. |
| Nature (Human/Non-human) | non-human_actions | (a) The software failure incident at Deutsche Bank was attributed to non-human actions, specifically faulty software used to screen customer transactions for suspicious activity. The bank acknowledged the software problem and stated that they are working on correcting the error as quickly as possible [84917]. |
| Dimension (Hardware/Software) | software | (a) The articles do not mention any information about the software failure incident being related to hardware issues. (b) The software failure incident reported in the articles is specifically related to faulty software used by Deutsche Bank to screen customer transactions for suspicious activity. The bank acknowledged the software problems and mentioned working on correcting the error as quickly as possible [84917]. |
| Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident reported in Article 84917 is non-malicious. The article mentions that Deutsche Bank acknowledged using faulty software to screen customer transactions for suspicious activity, which was a blow to the lender's reputation. The bank confirmed the software problems in its efforts to curb money laundering activities, but it maintained that no suspicious transactions had slipped through as a result. The bank is working on correcting the error and is in close contact with regulators to address the issue [84917]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) The software failure incident at Deutsche Bank was related to poor decisions. The bank acknowledged using faulty software to screen customer transactions for suspicious activity, which was a blow to its reputation. The software problems in its efforts to curb money laundering activities were a result of poor decisions made in the implementation or management of the software [84917]. |
| Capability (Incompetence/Accidental) | development_incompetence, unknown | (a) The software failure incident related to development incompetence is evident in the article as Deutsche Bank acknowledged using faulty software to screen customer transactions for suspicious activity. This indicates a failure due to contributing factors introduced due to a lack of professional competence by the development organization [84917]. (b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article. |
| Duration | temporary | (a) The software failure incident in the article seems to be temporary rather than permanent. The article mentions that Deutsche Bank acknowledged using faulty software to screen customer transactions for suspicious activity. The bank confirmed the software problems in its efforts to curb such activity but maintained that no suspicious transactions had slipped through as a result. Deutsche Bank is actively working on correcting the error and is in close contact with regulators to address the issue promptly [84917]. |
| Behaviour | unknown | (a) crash: The software failure incident in the article is not described as a crash where the system loses state and does not perform any of its intended functions [84917]. (b) omission: The software failure incident is not explicitly mentioned as an omission where the system omits to perform its intended functions at an instance(s) [84917]. (c) timing: The software failure incident is not related to timing issues where the system performs its intended functions correctly but too late or too early [84917]. (d) value: The software failure incident is not specifically attributed to the system performing its intended functions incorrectly [84917]. (e) byzantine: The software failure incident is not characterized as a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [84917]. (f) other: The behavior of the software failure incident in the article is not explicitly described, so it falls under the "other" category [84917]. |

IoT System Layer

| Layer | Option | Rationale |
| --- | --- | --- |
| Perception | None | None |
| Communication | None | None |
| Application | None | None |

Other Details

| Category | Option | Rationale |
| --- | --- | --- |
| Consequence | harm, property, theoretical_consequence | The consequence of the software failure incident reported in Article 84917 was primarily related to potential harm and property impact. The faulty software used by Deutsche Bank to screen customer transactions for suspicious activity raised concerns about lax money-laundering controls, potentially allowing illegal transactions to go unreported [84917]. This failure could have led to harm if illicit activities were not detected and reported, impacting regulatory compliance and potentially enabling criminal activities. Additionally, the software failure could have consequences on property, as it may have affected the bank's reputation, shareholder confidence, and regulatory scrutiny, potentially leading to financial losses or legal repercussions [84917]. |
| Domain | finance | (a) The failed system was related to the finance industry. Deutsche Bank used faulty software to screen customer transactions for suspicious activity, which is crucial in the financial sector to prevent money laundering and other illicit financial activities [84917]. |
