TSB has been fined a total of £48.7m by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) for operational risk management and governance failures.

The bank’s failures include its management of outsourcing risks relating to its IT upgrade programme. Technical failures in TSB’s IT system ultimately resulted in customers being unable to access banking services.

In April 2018, TSB updated its IT systems and migrated the data for its corporate and customer services on to a new IT platform. While the data itself migrated successfully, the FCA revealed that the platform immediately experienced technical failures. This resulted in significant disruption to the continuity of TSB’s banking services, including branch, telephone, online and mobile banking.

All of TSB’s branches and a significant proportion of its 5.2 million customers were affected by the initial issues. Some customers continued to be affected by some issues and it took until December 2018 for TSB to return to business-as-usual. TSB has since paid £32.7m in redress to customers who suffered detriment.

The FCA described TSB’s IT migration programme as “an ambitious and complex IT change management programme”, which was carrying a high level of operational risk. The regulator’s stated that it success was critical to TSB’s ability to provide continuity of critical functions and safety and soundness.

However, both found that TSB failed to organise and control the IT migration programme adequately, and it failed to manage the operational risks arising from its IT outsourcing arrangements with its critical third-party supplier.

TSB was fined £29.8m by the FCA and £18.9m by the PRA.

FCA executive director of enforcement and market Oversight, Mark Steward, commented: “The failings in this case were widespread and serious which had a real impact on the day-to-day lives of a significant proportion of TSB’s customers, including those who were vulnerable.

“The firm failed to plan for the IT migration properly, the governance of the project was insufficiently robust and the firm failed to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”

Deputy governor for prudential regulation and CEO of the PRA, Sam Woods, added: “The PRA expects firms to manage their operational resilience as well as their financial resilience. The disruption to continuity of service experienced by TSB during its IT migration fell below the standard we expect banks to meet.”

Share Story: