The board of TSB Bank lacked “common sense” in the lead-up to a major IT meltdown that locked two million people out of their accounts, a damning report has found.
An independent investigation by law firm Slaughter and May has concluded that the lender’s board should have done more to challenge bosses in charge of the systems upgrade last April.
But it also found that the IT boss at TSB failed to alert management at the bank to problems with the system, having made an “ill-judged” assessment that the lender was ready to go live with a new platform for its five million customers.
The debacle in April 2018 sparked one of the UK’s biggest ever banking systems crises and led to former TSB boss Paul Pester stepping down.
While the TSB board asked a number of pertinent questions ... there were certain additional common sense challenges that the TSB board did not put to the executiveSlaughter and May report
Not only were nearly two million customers left unable to access their accounts, but the calamity also sparked an unprecedented wave of opportunistic fraud attacks on customers, according to the report.
It also saw TSB foot a £370 million bill for customer compensation and expenses for the inquiry over the past 18 months.
Slaughter and May’s report concluded that the new IT system was “neither stable nor complete” when the board approved the migration of customer data from former owner Lloyds Banking Group’s IT system to a new one managed by TSB’s new parent, Sabadell.
The report said: “While the TSB board asked a number of pertinent questions … there were certain additional common sense challenges that the TSB board did not put to the executive.”
It added: “In the lead-up to the ‘go live’, the TSB board should have done more to assess, and should have provided a stronger challenge to the executive’s explanation of the adequacy of testing.”
The probe also said the timetable was rushed in the final stages and laid the blame not just on the board, but also said chief IT officer Carlos Abarca failed to raise major “shortcomings” of the new system to the board.
It said his statements to the board that the system was ready and would work as expected were “ill-judged”.
“While the TSB chief executive may not have been aware of these shortcomings, the TSB CIO was aware of them and he should have escalated them to the TSB CEO and to the TSB board,” the report found.
Their conclusions do not paint the full picture or arrive at the same conclusions as the other reportsRichard Meddings, TSB chairman
TSB chairman Richard Meddings said the board disagreed with some of the report’s findings, in particular that it missed opportunities to spot shortcomings in the run-up to the meltdown.
He instead insisted the finger of blame should be pointed at the fact that the bank’s two data centres were configured differently, though he admitted problems with oversight of key suppliers.
He admitted the saga was one of the most difficult in the bank’s history and that the report “reminds us of that painful chapter”.
Mr Meddings added: “We have already made major changes as a result of what we have learned, including moving to take direct control of our IT operations.”
Ex-boss Mr Pester also took aim at the “scattergun approach” of the report and claimed the board was left in the dark by its IT experts.
He said the findings suggest that Sabis – Sabadell’s in-house IT services arm, which designed the new system – “cut corners” and only tested one of the two data centres.
“If we had been aware of Sabis’s shortcuts in the testing programme, the TSB board and I would never have pressed ahead with switching to the new system at that time,” he said.
An inquiry into the incident by the Prudential Regulation Authority and the Financial Conduct Authority is continuing.