TSB has been fined £48.7 million for operational risk management and governance failures over its IT upgrade programme in 2018.
Regulators the Financial Conduct Authority and the Prudential Regulation Authority, which have issued the fine, said technical failures in TSB’s IT system resulted in customers being unable to access banking services.
The failures included the management of outsourcing risks.
In April 2018, TSB updated its IT systems and migrated the data for its corporate and customer services onto a new IT platform. While the data itself migrated successfully, the platform immediately experienced technical failures. This resulted in significant disruption to the continuity of TSB’s banking services, including branch, telephone, online and mobile banking.
All of TSB’s branches and a significant proportion of its 5.2m customers were affected by the initial issues. Some customers continued to be affected by some issues and it took until December 2018 for TSB to return to business-as-usual.
TSB has paid £32.7m in redress to customers who suffered detriment.
“TSB’s IT migration programme was an ambitious and complex IT change management programme carrying a high level of operational risk,” said the FCA. “Its success was critical to TSB’s ability to provide continuity of critical functions and safety and soundness.
“However, the regulators’ found that TSB failed to organise and control the IT migration programme adequately, and it failed to manage the operational risks arising from its IT outsourcing arrangements with its critical third-party supplier.
“Operational resilience is a priority for both the FCA and PRA. As demonstrated by this incident, operational disruption can cause wide-ranging harm and it is critically important firms invest in their resilience.”
Mark Steward, FCA executive director of enforcement and market oversight, added: “The failings in this case were widespread and serious which had a real impact on the day-to-day lives of a significant proportion of TSB’s customers, including those who were vulnerable.
“The firm failed to plan for the IT migration properly, the governance of the project was insufficiently robust and the firm failed to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”
TSB was fined almost £30m by the FCA and £18.9m by the PRA. It agreed to resolve this matter with the FCA and PRA, qualifying it for a 30% discount in the overall penalty imposed by both regulators.