Technical failures in the bank's IT system resulted in customers being unable to access banking services
The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) have imposed a £48.65 million fine on TSB Bank for operational risk management and governance failures.
TSB was fined £29.75 million by the FCA and £18.9 million by the PRA. But with TSB agreeing to resolve the matter with the regulators, it qualified for a 30% discount in the overall penalty. Without this discount, the FCA and PRA would have imposed a total financial penalty of £69.5 million – £42.5 million by the FCA and £27 million by the PRA.
The FCA said technical failures in TSB’s IT system resulted in customers being unable to access banking services when the bank updated its systems and migrated the data for its corporate and customer services on to a new IT platform in April 2018.
While the data migrated successfully, the platform immediately experienced technical failures, which resulted in significant disruption to the continuity of TSB’s banking services, including branch, telephone, online, and mobile banking.
The regulators reported that all of TSB’s branches and a significant proportion of its 5.2 million customers were affected by the initial issues, while some customers continued to be affected by some issues. It took until December 2018 for TSB to return to business-as-usual, and the bank has paid £32.7 million in redress to customers.
In 2019, a Treasury Committee report called on regulators to increase fines to deal with unacceptable IT failures in financial services. It stressed that while completely uninterrupted access to banking services is not achievable, prolonged IT failures should not be tolerated.
After conducting an investigation, the FCA and PRA found that TSB failed to organise and control the IT migration program adequately, and it failed to manage the operational risks arising from its IT outsourcing arrangements with its third-party supplier.
“The failings in this case were widespread and serious which had a real impact on the day-to-day lives of a significant proportion of TSB’s customers, including those who were vulnerable,” Mark Steward, executive director of enforcement and market oversight at the Financial Conduct Authority, commented.
“The firm failed to plan for the IT migration properly, the governance of the project was insufficiently robust, and the firm failed to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems.”
Sam Woods, deputy governor for prudential regulation and chief executive at the Prudential Regulation Authority, said they expect firms to manage their operational resilience, as well as their financial resilience.
“The disruption to continuity of service experienced by TSB during its IT migration fell below the standard we expect banks to meet,” Woods added.