TSB Bank fined $59.2M for governance lapses in botched IT migration

All of TSB’s branches and a large proportion of its 5.2 million customers were affected by technical failures caused when the bank tried to switch to a new IT system in April 2018, according to the Financial Conduct Authority (FCA).

While the data itself migrated successfully, the new platform immediately encountered technical difficulties, resulting in a near total shutdown of the bank’s branch, telephone, online, and mobile banking services. Disruptions would persist for weeks.

Normal business was only fully resumed in December 2018.

Between April 22, 2018, and April 7, 2019, TSB received 225,492 complaints from customers, the FCA noted in its final notice. TSB has since paid £32.7 million (U.S. $39.8 million) in redress to customers who suffered detriment.

The FCA fined the bank £29.75 million (U.S. $36.2 million) for operational risk management and governance failures linked to the project, including management of outsourcing risks, while the Bank of England’s Prudential Regulation Authority (PRA) added an £18.9 million (U.S. $23 million) penalty.

TSB qualified for a 30 percent discount from a total fine of £69.5 million (U.S. $84.6 million) for agreeing to resolve the matter quickly.

The regulators found TSB failed to plan, organize, and control the IT migration program adequately and manage the operational risks arising from its IT outsourcing arrangements with a critical third-party supplier. The bank had publicly announced the projected migration completion date just nine days after pulling the plug on a failed migration attempt and before it had even concluded its replanning exercise.

Further, TSB’s internal assurance reviews identified deficiencies in incident management processes between April and November 2017, but the issue was considered low impact and audit actions were closed.

“[T]he governance of the project was insufficiently robust, and the firm failed to take reasonable care to organize and control its affairs responsibly and effectively,” said Mark Steward, the FCA’s executive director of enforcement and market oversight, in a press release.

Sam Woods, chief executive of the PRA and deputy governor for prudential regulation, stated, “The disruption to continuity of service experienced by TSB during its IT migration fell below the standard we expect banks to meet.”

In a statement, TSB CEO Robin Bulloch apologized for the disruption, adding, “Over the past four years, we have harnessed our technology to deliver new products and better services for TSB customers.”