Professional Images

TSB hit with huge fine after IT migration disaster

TSB has been fined nearly £50m due to failings during its IT migration catastrophe

TSB has been fined £48.65m by UK finance regulators for failures that led to an IT meltdown during the migration of millions of customer accounts between banking systems.

In April 2018, the bank was moving from Lloyds Banks systems, where they were hosted, to a new core banking system from its owner, Spanish bank Sabadell, known as Proteo4UK. Disaster struck when TSB migrated millions of customer accounts from the systems of Lloyds Bank, which hosted them, to the new platform.

Over a five-day period, users were locked out, experienced money disappearing, and some were even able to see other customers’ accounts.

The fine by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) relates to operational risk management and governance failures. This includes management of outsourcing risks, relating to the IT projects. “Technical failures in TSB’s IT system ultimately resulted in customers being unable to access banking services,” said the regulators.

Proteo4UK is a UK-specific version of Sabadell’s existing core banking system, Proteo. It was designed to support TSB in the digital banking age and enable it to challenge bigger banks by offering fintech services like some of the UK’s digital challenger banks do. It replaced a hosting agreement with Lloyds Bank, which had run since the two banks split.

During the IT outage, all of TSB’s branches and millions of customers were affected by the initial issues. TSB has already paid £32.7m in redress to customers who suffered detriment, and its then CEO, Paul Pester, fell on his sword, leaving the company soon after the disaster.

“TSB’s IT migration programme was an ambitious and complex IT change management programme carrying a high level of operational risk,” an FCA statement said. “Its success was critical to TSB’s ability to provide continuity of critical functions and safety and soundness. However [we] found that TSB failed to organise and control the IT migration programme adequately, and it failed to manage the operational risks arising from its IT outsourcing arrangements with its critical third-party supplier.”

Mark Steward, FCA executive director of enforcement and market oversight, said: “The failings in this case were widespread and serious, which had a real impact on the day-to-day lives of a significant proportion of TSB’s customers, including those who were vulnerable.

“The firm failed to plan for the IT migration properly, the governance of the project was insufficiently robust and the firm failed to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”

Sam Woods, deputy governor for Prudential Regulation of the PRA, said: “[We] expect firms to manage their operational resilience as well as their financial resilience. The disruption to continuity of service experienced by TSB during its IT migration fell below the standard we expect banks to meet.”

Read more on IT for financial services