TSB publishes damning IT migration review

TSB has published the independent review of the bank’s botched 2018 migration to a new IT platform, which criticised the board for failing to address “common sense challenges” about aspects of the process.

Law firm Slaughter and May’s report sets out a number of findings on aspects of the planning and preparation for migration which they believe could have been done differently, including the need for stronger oversight of suppliers and questions around how testing was carried out.

SABIS, the IT servicing arm of parent company Banco Sabadell, had recommended testing only one of the data centres in order to avoid interrupting ATM services for TSB customers. The failure to conduct rigorous testing made it impossible to identify the problems causing the system downtime.

Carlos Abarca, the chief information officer at the time, was also criticised for allegedly failing to tell board members about the shortcomings before the migration commenced. Under pressure from Banco Sabadell to meet deadlines, the report suggested that he made an “ill-judged” assessment of TSB’s readiness to proceed with the move.

TSB has already had to pay almost £370 million in post-migration charges as a result of the IT meltdown. Further fines from the regulators following the report could increase this total.

In light of the disruption customers experienced, TSB has made changes, including to leadership and management structures, the decision to take direct control of its IT operations, and compensation for those affected.

The bank stated that its new operating platform means faster mortgage application processes, the introduction of new digital capabilities such as identity verification on TSB’s mobile app, opening times for current accounts and business accounts less than half of what they were before the migration, and the introduction of a Fraud Refund Guarantee.

It pointed out that the most recent data from the regulator shows that IT incidents at TSB are now in line with, or below, the levels of others in the industry.

The report stated that last year’s IT migration was “a highly complex project”, involving over four years of planning and testing.

“The TSB board recognised that moving the whole bank from multiple, third-party legacy systems to a single new platform was a huge, but necessary, undertaking,” the statement read, adding that therefore the migration was carried out in stages, initially moving systems including ATMs, debit and credit card payments, mortgages and the digital mobile app, followed by key internal systems, and ultimately the main migration of customer data.

TSB stated that there are aspects of Slaughter and May’s report with which the board does not agree.

“In particular, a key cause of the extent of disruption was that the two data centres, built to support the new platform, were, in certain areas, configured inconsistently despite having been specified to be identical,” the bank responded. “Additional issues around coding and capacity also arose – these technical issues were then compounded by the high volume of customer enquiries as public concern increased – enquiries which exceeded the contingency resources already in place.”

The information the board considered at the time that they made the decision to proceed with migration did not suggest that customers would be impacted in this way. “The board carefully considered comprehensive expert scrutiny, attestations and assurances from executives and third-party suppliers including SABIS, and feedback from technical, third party, and regulatory bodies throughout.”

Richard Meddings, chairman of the TSB board, said: “When we commissioned Slaughter and May to carry out this review, we specifically asked for a fully independent and thorough inquiry.

“Although the report doesn’t paint the full picture of migration, the board were absolutely clear that we wanted to be transparent and learn fully from those aspects which went wrong.”

The core objective behind TSB’s IT migration was the transfer of customer data from the legacy IT platform TSB had inherited in 2013, as part of the separation from Lloyds Banking Group, to a single, modern technology platform. This was developed and built by SABIS, which in turn engaged a number of suppliers to provide the systems.

The details of the report blamed elements of the two data centres built to support the new platform, which were configured inconsistently – something not identified prior to migration, despite “extensive testing”.

As a result of the access problems affecting TSB’s online channels, large numbers of TSB customers tried to use TSB’s physical and telephone banking channels to access their accounts – levels of contact which these channels were unable to withstand. A number of other issues in call centres and branches were subsequently exacerbated by the volume of enquiries.

The report pointed to challenges which stemmed from “single points of failure” in global technology infrastructures, which can lead to outages across banks and other financial institutions.

It also noted the need to improve the overall resilience of financial service institutions which rely on outsourced IT service providers, as well as the wider risks which continue to exist across the industry from legacy IT systems.

Finally, the report identified the pace at which social media operates as impacting an organisation’s ability to investigate, verify and respond to fast-spreading stories.
