Release Date: 20th December 2022
To access the original FCA document, click here.
Summary
TSB Bank plc has been fined £29.75 million by the FCA for significant failings in its IT migration programme. This penalty, reduced from £42.50 million due to early settlement, highlights critical oversights and mismanagement during TSB’s migration from the Lloyds Banking Group IT platform to Sabadell’s Proteo4UK platform in April 2018.
Key Reasons for the Fine:
- Unprecedented IT Migration: The migration involved transferring TSB’s core IT services to a newly built and unproven platform within a highly ambitious timeframe, leading to severe operational issues.
- Service Disruptions: Post-migration, customers faced widespread access issues, including failures in digital and telephone banking, branch technology, and payment services, leading to significant customer detriment.
- Planning and Risk Management Failures: TSB’s planning was overly optimistic, with inadequate contingency measures. The programme experienced delays and insufficient testing, particularly in non-functional areas, which contributed to the migration failures.
- Outsourcing Mismanagement: TSB failed to properly assess and manage the capabilities of SABIS, its key outsourced provider, and did not adequately oversee the complex supplier network involved in the migration.
- Inadequate Business Continuity Planning: TSB’s incident management preparations were insufficient, lacking robust plans for dealing with a large-scale IT failure.
Migration Programme Failings:
- Inadequate Planning: TSB set unrealistic timelines and failed to adjust plans based on project delays.
- Insufficient Testing: Critical non-functional testing was either reduced in scope or omitted, leading to undetected issues in the platform.
- Poor Risk Management: TSB did not fully identify or mitigate risks associated with SABIS’s performance and supplier management.
- Lack of Effective Oversight: The TSB Board did not sufficiently challenge or discuss key aspects of the migration, including the timetable and readiness of the platform.
- Business Continuity Oversights: TSB was unprepared for the scale of the issues post-migration, leading to significant delays in resolving customer complaints and operational disruptions.
Customer Impact and Remediation:
- Customer Complaints: TSB received 225,492 complaints, constituting about 4.3% of its customer base, and paid £32.7 million in redress.
- Remediation Programme: TSB initiated the “Putting Things Right Programme” to address customer issues and compensate affected customers, though it faced delays due to the high volume of complaints.
Key Takeaways for Other Firms:
- Realistic Planning and Timelines: Ensure project timelines are realistic and adjust plans based on actual progress and delays.
- Comprehensive Testing: Conduct thorough and complete testing, especially for critical non-functional requirements.
- Robust Risk Management: Fully assess and mitigate risks associated with outsourcing and supplier management.
- Effective Governance: Engage the Board in critical project discussions and ensure they challenge key decisions.
- Strong Business Continuity Plans: Prepare robust incident management and business continuity plans for large-scale projects.
Conclusion:
The FCA’s fine on TSB underscores the importance of realistic planning, thorough testing, effective risk management, and strong governance in IT projects. Firms must ensure robust oversight and preparedness to mitigate risks and avoid significant customer impact and regulatory penalties.
Back to the Dear CEO letter archives.