TSB has been fined £48.6m after the bank left millions of customers locked out of their accounts for weeks during a botched IT migration which was characterised by “widespread and serious failings”, according to the UK financial regulator.
The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) issued the penalty this morning after an investigation found the IT blunder in 2018 caused “significant disruption” to the continuity of TSB’s banking services, including branch, telephone, online and mobile banking.
What happened in the TSB IT crash?
Problems began for TSB when it tried to migrate its systems to a new platform. Though it was able to successfully migrate data to the platform, the system crashed on launch and took weeks to become operational. This left a “significant portion” of the bank’s 5.2 million customers unable to access funds, and led to a wave of fraud attempts, the FCA said.
The FCA described the project, initiated by the bank’s Spanish parent company Sabadell, as “an ambitious and complex IT change management programme carrying a high level of operational risk.”
“Its success was critical to TSB’s ability to provide continuity of critical functions and safety and soundness,” an FCA statement said. “However, the regulators’ found that TSB failed to organise and control the IT migration programme adequately, and it failed to manage the operational risks arising from its IT outsourcing arrangements with its critical third-party supplier.”
Following the incident, TSB commissioned its own investigation led by law firm Slaughter and May. It found over two million people were affected by the TSB IT crash, and criticised the company’s board for inadequate preparation of the system prior to launch. It discovered problems with two data centres which weren’t tested at all prior to the migration. One of the data centres was “reserved for live purposes”, so the complete infrastructure was never tested at load.
“As the decision was taken to conduct performance testing on a single data centre, it was impossible to identify these issues before Go Live,” Slaughter and May’s investigation found.
The migration was managed by Sabadell’s IT arm, Sabadis.
The incident had major consequences for TSB, which had to hire 2,100 additional staff to repair the damage caused by the crash, and paid out over £32m in compensation to customers. It also cost CEO Paul Pester his job after he came in for criticism from customers and MPs.
TSB IT crash: ‘widespread and serious failings’
TSB was fined £29.7m by the FCA and £18.9m by the PRA. By settling with the regulators it earned itself a 30% discount, otherwise the penalty could’ve been even higher.
“The failings in this case were widespread and serious which had a real impact on the day-to-day lives of a significant proportion of TSB’s customers, including those who were vulnerable,” said Mark Steward, FCA executive director of enforcement and market oversight.
“The firm failed to plan for the IT migration properly, the governance of the project was insufficiently robust and the firm failed to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”
After the news was announced, TSB’s CEO Robin Bulloch said: “We’d like to apologise again to TSB customers who were impacted by issues following the technology migration in 2018. We worked hard to put things right for customers then and have since transformed our business.”