TSB bank fined £48 million over botched IT upgrade programme
The bank upgraded its IT systems in 2018 which led to a significant portion of its 5.8 million customers experiencing disruption to banking services
TSB has been fined £48.65 million by two UK regulators after it experienced technical failures in its IT system which led to customers being unable to access banking services.
The bank updated its IT systems in April 2018 and migrated data for corporate and customer services onto a new IT platform and although the data migrated successfully, the platform began to suffer from technical failures immediately, according to the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA).
TSB outage: CEO Paul Pester quits after IT meltdown TSB will take IT in-house after meltdown TSB’s IT disaster pinned on ‘big bang’ approach to migration
This led to TSB’s banking services experiencing significant disruption across branch services, telephone, online, and mobile banking. All of the bank’s branches, and a “significant portion” of TSB’s 5.2 million customers were affected. It took until December 2018 for the bank’s services to return to normal, and it has already paid £32.7 million to customers in compensation.
The regulators branded the bank’s IT migration programme an ambitious and complex IT change management programme which came with a high level of operational risk.
They said that the bank failed to organise or control this programme adequately, and failed to manage the operational risks which came about as a result of its IT outsourcing arrangements with a critical third-party supplier.
“The failings in this case were widespread and serious which had a real impact on the day-to-day lives of a significant proportion of TSB’s customers, including those who were vulnerable,” said Mark Steward, FCA executive director of enforcement and market oversight. “The firm failed to plan for the IT migration properly, the governance of the project was insufficiently robust and the firm failed to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”
The FCA fined the bank £29,750,000 while the PRA fined it £18,900,000. Because TSB agreed to comply with the regulators, it has qualified for a 30% discount on the overall penalty. Without the discount, TSB would have had to pay a combined financial penalty of £69,500,000.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
“We’d like to apologise again to TSB customers who were impacted by issues following the technology migration in 2018. We worked hard to put things right for customers then and have since transformed our business,” said Robin Bulloch, TSB’s chief executive officer. “Over the past four years, we have harnessed our technology to deliver new products and better services for TSB customers.”
What happened in the failed TSB IT upgrade?
TSB experienced an IT failure after the bank migrated records onto a platform that wasn’t ready and by a supplier that wasn’t fit to operate, according to independent investigators Slaughter and May.
The bank’s design, build, and testing of the platform, the Proteo4UK system - developed by Sabis - involved more than 1,400 people and 70 suppliers. This was described as unprecedented and incredibly complicated.
The bank lacked sufficient oversight of its suppliers and there was an absence of robust testing of the new system, read the report from the law firm.
TSB's then-CEO Paul Pester quit the organisation due to the IT migration problems in September 2018. Users of its online services were locked out of their accounts and continued to experience problems five months after the migration took place. Some customers also had access to strangers’ bank accounts.
In February 2019, the bank revealed the disaster had cost £330 million, with £125 million of the figure in customer compensation, £122 million for emergency recruitment, £49 million in fraud, and £33.5 million in uncollected fees. This was to be mitigated by £153 million from Sabis, its It provider that was owned by the bank’s parent company Banco de Sabadell.
TSB then took steps in April 2019 to bring its IT in-house, taking on direct contract relationships with third party technology suppliers. It said that it also wanted to build new technology products to help it to innovate faster.
Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.