TSB programme pulled apart in report on IT meltdown

TSB’s management and the IT supplier that supported them were not ready to implement and run the bank’s new core banking platform, which resulted in its botched launch, a report has said.

Disaster struck in April 2018, when the bank migrated five million customers from Lloyds Banking Group systems, where they were hosted, to a new core banking platform.

Millions of customers found themselves locked out of their accounts, some saw money disappearing from accounts, and others were even able to see other people’s accounts.

When things went wrong, customers were not only unable to access their accounts, but were also increasingly targeted by “opportunistic fraudsters”. At their peak, these attacks were 70 times higher than normal levels, said the report by city law firm Slaughter and May, commissioned by TSB.

The disaster has cost the bank hundreds of millions of pounds in compensating customers, additional resources for advisory services from companies such as IBM and Deloitte, fraud and forgone income.

The investigation and the 262-page report are said to have cost £25m. It looks at what went wrong when TSB moved customers onto the platform, known as Proteo4UK, which was created by Sabis, an IT supplier owned by TSB parent Sabadell.

Problems identified during the investigation included the decision to perform a “big bang” migration without fully understanding the risks, a lack of assessing the capabilities of Sabis, and the fact that there were no expert external advisers for the project as a whole.

Proteo4UK is a UK-specific version of an existing core banking system used by TSB parent Sabadell. When Sabadell acquired TSB in 2015, it said it would move customers to a new banking platform, and TSB said this would cut its costs by £160m a year. It had previously paid Lloyds Banking Group, its previous owner, several hundred million pounds a year for a service.

But in the days following the migration, TSB’s internet and mobile banking channels were “unstable and almost unusable,” said the Slaughter and May report.

It said the migration programme was “complex and unprecedented in the UK” and concluded: “The platform was not ready to support TSB’s full customer base and Sabis was not ready to operate the platform.”

TSB’s decision to undertake a large “big bang” migration of customer accounts over one weekend – a “single-event implementation”, as the report described it – was a problem because the bank did not give enough consideration to the risks.

“The advantage of a single-event migration is that it is the fastest, cheapest and least complex way to proceed,” said the report. “However, if a bank does opt for a single-event migration, it is critical that the risks of this approach are understood and that the platform is robustly tested before going live to customers.”

But the report concluded: “TSB did not give sufficient consideration to whether a largely single-event migration was the right choice, what the risks would be, or how those risks would be mitigated.”

It said there was a failure to present alternatives to a big bang migration to the TSB board of directors. “For a programme of this nature, we would have expected [them] to be presented with a full range of implementation options before a final decision was taken,” said the report.

It also criticised a lack of testing at the right scale. Although there were a number of test events which identified some potential problems, these represented too small a part of the overall platform, said the report, adding: “The live proving was not carried out at a sufficient scale to allow TSB to identify the problems that would arise when Proteo4UK was taken live to the entire TSB customer base.”

Neither was there a sufficient assessment of whether Sabis was capable of delivering Proteo4UK, said the report, and there was a lack of independent expert advice on the project as a whole. “Although additional resources and capability was obtained through third parties, the TSB board did not take independent advice on the project as a whole, nor appoint advisers with an appropriate mandate,” it said.

An earlier report carried out by IBM, completed after it was brought in to help the bank fix the problem, found that TSB was not prepared for its core banking platform migration because of inadequate testing.

IBM said in its report: “We have not seen evidence of the application of a rigorous set of go-live criteria to prove production readiness.”

The tech supplier compared the project to a similar one it had worked on in the past, describing the rigour it would expect in such a project: “In a similar situation when IBM partnered with a financial organisation to migrate to a new core banking platform, multiple trial migrations were conducted, rolled back and then remediated prior to launch. The production launch was done over a longer period, initially open to programme members only, then staff, then targeted customer groups, before full launch to new customers and subsequent migration.”

After the publication of the Slaughter and May report, Richard Meddings, chairman of the TSB board, apologised for the disaster and said: “When we commissioned Slaughter and May to carry out this review, we specifically asked for a fully independent and thorough inquiry. Although the report doesn’t paint the full picture of migration, the board were absolutely clear that we wanted to be transparent and learn fully from those aspects which went wrong. That is why we have taken the decision to publish this report in full.”

Meddings said TSB has acted on learnings from the botched migration, including how its IT department operates. “Importantly, TSB has evolved to be a better business than the newly created bank which began the migration project,” he said. “We have already made major changes as a result of what we have learned, including moving to take direct control of our IT operations.”