TSB neglected to assess capabilities of main IT provider in its failed system migration

TSB did not properly assess the IT services company that lead its migration to a new core banking platform, which contributed to its failure, a major report finds.

The fact that the IT services provider, Sabis, is part of TSB owner Sabadell Group meant that TSB did not assess it in the same way as it would have assessed a third party.

According to city law firm Slaughter and May’s investigation into TSB’s botched IT migration in April 2018, it was clear from the investigation that “Sabis was not ready to operate the Proteo4UK”.

Proteo4UK is a UK version of Sabadell Group’s Proteo core banking system. The platform was designed to enable TSB to introduce the products and services that customers want in the digital world and cut operating costs by £160m a year. It had previously paid Lloyds Banking Group, its previous owner, several hundred million pounds a year for a service.

Disaster struck in April 2018, when the bank migrated five million customers from Lloyds Banking Group systems, where they were hosted, to a new core banking platform. Millions of customers found themselves locked out of their accounts, some saw money disappearing from accounts, and others were even able to see other people’s accounts.

The investigation by Slaughter and May, which looked into what went wrong, resulted in a 262-page report, which was recently published.

Problems identified during the investigation included the decision to perform a “big bang” migration without fully understanding the risks, and the fact that there were no expert external advisers for the project as a whole.

It also highlighted a lack of assessment of the capabilities of Sabis, and said that while selecting Sabis to lead the programme made sense, the relationship was not managed robustly.

“Given Sabadell’s acquisition of TSB and its experience of its Proteo platform, the use of Sabis to build Proteo4UK was a natural starting point for TSB.”

But TSB failed to properly assess Sabis before the project started and manage it when it did, said the report.

“Given the scope and complexity of the programme and how critical it was to TSB, it should have taken proper steps to assess Sabis’s capabilities, and to manage it on an ongoing basis, in the same way it would have dealt with third party suppliers providing comparable services,” it added.

The report highlighted the bank’s failure to manage Sabis as “an arm’s length supplier” when it came to the design, build and testing of Proteo4UK.

As a consequence, TSB did not carry out due diligence on Sabis’s capabilities and had a conflict of interest as the TSB CIO also had a role directing development at Sabis. Nor did TSB exercise its audit rights to check out Proteo4UK, or ensure that subcontractors managed by Sabis were done so robustly.

In March, TSB announced an in-house team will take ownership of IT, including the core banking platform Proteo4UK. “We will take direct ownership of our banking platform, including direct contractual relationships with the third-party technology suppliers,” said a TSB statement.

TSB said the botched migration cost it a total of £330m, which included compensating customers, additional resources, fraud and foregone income. It has also damaged its reputation.