The Board of TSB has today published an independent review of the bank’s 2018 migration to a new IT platform, which it commissioned from the law firm, Slaughter and May. The conclusions and opinions expressed in the report are Slaughter and May’s.
Slaughter and May’s report sets out a number of findings on aspects of the planning and preparation for migration which they believe could have been done differently, including the need for stronger oversight of suppliers and questions around how testing was carried out. In light of the disruption customers experienced, TSB has made important changes to enable the bank to rebuild – including to leadership and management structures, as well as the decision to take direct control of its IT operations. Importantly, TSB has long since compensated every eligible customer who was impacted by the disruption.
TSB now has a strong operating platform and customers are seeing the benefits of the new systems – with a faster mortgage applications process, the introduction of new digital capabilities such as identity verification on TSB’s mobile app, opening times for current accounts and business accounts less than half of what they were before the migration, and the introduction of an industry-leading Fraud Refund Guarantee to protect innocent victims of fraud. As the most recent data from the FCA shows, IT incidents at TSB are now in line with, or below, the levels of others in the industry.
As is evident from the Slaughter and May report, the 2018 migration was a highly complex project, involving over four years of detailed planning and testing. The TSB Board recognised that moving the whole bank from multiple, third-party legacy systems to a single new platform was a huge but necessary undertaking. The migration was therefore carried out in stages, initially moving systems including ATMs, debit and credit card payments, mortgages and the digital mobile app, followed by key internal systems, and ultimately the main migration event, including the migration of customer data. Despite migrating the core banking data and payment records for all five million customers, there were significant levels of disruption and inconvenience in the aftermath of the main migration event in April 2018.
Slaughter and May raise a number of issues which they believe could have prevented the disruption that TSB customers experienced in 2018. Slaughter and May’s report is one of a number of reviews which have been carried out by external parties and by teams within TSB over the last eighteen months. These reports have highlighted other aspects which are not fully reflected in Slaughter and May’s report and, as a result, there are aspects of Slaughter and May’s report with which the Board does not agree. In particular, a key cause of the extent of disruption was that the two data centres, built to support the new platform were, in certain areas, configured inconsistently despite having been specified to be identical. Additional issues around coding and capacity also arose. These technical issues were then compounded by the high volume of customer enquiries as public concern increased – enquiries which exceeded the contingency resources already in place.
The information the TSB Board considered at the time that they made the decision to proceed with migration did not suggest that customers would be impacted in this way. The decision to proceed with the main migration event in April 2018 followed a long period of testing, with reports to the Board signalling readiness, and took account of the successful performance of those parts of the bank which had already moved to the new platform. Additionally, the Board carefully considered comprehensive expert scrutiny, attestations and assurances from the Executives and third-party suppliers including SABIS, and feedback from technical, third party, and regulatory bodies throughout. The overall governance of the programme had also been considered by external experts prior to the migration and assessed to be rigorous and appropriate for a programme of this scale and complexity.
Richard Meddings, Chairman of the TSB Board, said:
"On behalf of everyone at TSB, I want personally to apologise again for the service disruption which customers experienced during the spring and summer of 2018. I would also like to thank everyone at TSB for their significant efforts and commitment to putting things right for our customers and for getting the bank into the position it is in today.
"When we commissioned Slaughter and May to carry out this review, we specifically asked for a fully independent and thorough inquiry. Although the report doesn’t paint the full picture of migration, the Board were absolutely clear that we wanted to be transparent and learn fully from those aspects which went wrong. That is why we have taken the decision to publish this report in full.
"Importantly, TSB has evolved to be a better business than the newly created bank which began the migration project. We have already made major changes as a result of what we have learned, including moving to take direct control of our IT operations. With the leadership of Debbie Crosbie as our CEO, we are now well on track to get TSB back to what it does best: serving customers and bringing better choices to UK banking."
TSB assessment of 2018 IT migration and subsequent action
The 2018 IT migration was the most complex change programme TSB has ever carried out and one of the most complex in British banking history. Planning for migration began more than four years before the main migration event in April 2018, and involved extensive technical, regulatory and third-party engagement and support.
The core objective behind TSB’s IT migration was the transfer of customer data from the legacy IT platform TSB had inherited in 2013, as part of the separation from Lloyds Banking Group, to a new, single, modern technology platform. This was developed and built by the Sabadell subsidiary, SABIS, who in turn engaged a number of industry-leading suppliers to provide the systems.
The Board decision to go live in April 2018 was based on a significant volume of objective evidence, including attestations from the Executive and written and oral assurances from third party suppliers, including SABIS, nine successful dress rehearsals and transition events, detailed analysis and deep dives undertaken by the Board, and a pilot test involving more than 1,600 employees. The evidence presented to the Board at the time signalled readiness and followed a period of extensive testing and as well as continuous technical, third party advisory and regulatory engagement throughout.
This final migration of customer data was completed with every customer account transferred to the penny. However, despite this, the main migration was followed by extensive service disruption and instability for TSB customers.
In light of this disruption, the Board of TSB appointed Slaughter and May to carry out this review. The Board also committed to the Treasury Select Committee that it would make the final review public, so that the wider industry would have the benefit of this work. Teams from across TSB, supported by Sabadell Group, have worked extensively to provide Slaughter and May with the information requested to support their inquiry, sharing over 2.8 million documents, including internal and independent external third-party reports. Slaughter and May issued their report to TSB in final form and TSB had no editorial control over it. As such, the report reflects the findings and opinions of Slaughter and May based on their investigations.
As Slaughter and May’s report highlights, and TSB’s own analysis has identified, it is clear that a range of technical issues contributed to the service disruption following migration. These included:
a) Elements of the two data centres built to support the new platform were, in certain aspects, configured inconsistently.
b) Despite extensive testing, this configuration issue was not identified prior to migration.
c) As a result of the access problems affecting TSB’s online channels, large numbers of TSB customers tried to use TSB’s physical and telephone banking channels to access their accounts – levels of contact which these channels were unable to withstand.
d) A number of other issues in call centres and branches were subsequently exacerbated by the volume of enquiries.
As well as resolving these technical challenges, the Board of TSB have approved a series of material changes to the leadership and governance of the business since the 2018 IT migration which are being led by CEO, Debbie Crosbie, who joined the business in May 2019.
Since migration, TSB with the support of Sabadell has conducted an extensive reorganisation of the management structure and governance of IT across TSB. This includes Sabadell enabling TSB to take direct management of IT operations, including establishing certain IT capabilities in TSB. It also includes changes to the way incidents and outages are handled by the business, improving the response effectiveness and the way all critical suppliers are engaged.
In reviewing the issues which arose in April and May 2018, the Board of TSB have also identified a range of areas where action should be considered across the industry and alongside Government in order to prevent major IT disruptions in the future.
These issues include:
a) Challenges which stem from “single points of failure” in global technology infrastructures, which can lead to outages across banks and other financial institutions.
b) The need to improve the overall resilience of financial service institutions which rely on outsourced IT service providers.
c) The wider risks which continue to exist across the industry from legacy IT systems
d) The growing trend for criminals and fraudsters to capitalise on any IT disruption to defraud customers.
e) The pace at which social media operates impacting an organisation’s ability to investigate, verify and respond to fast spreading stories.
TSB has highlighted these issues in its evidence to the UK House of Commons Treasury Select Committee Inquiry into IT outages. The Committee’s report, published on 28 October, underlines the need for greater shared understanding of the governance and delivery of complex IT projects, particularly when moving from legacy systems.
Slaughter and May's work is one of a number of reviews into the IT migration, including the ongoing regulatory investigations led by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA). Where those investigations find that action is required, the Board of TSB will consider that recommendation and take appropriate action as required. The Board of TSB is committed to continuing to provide full cooperation and assistance to the FCA and PRA.
Notes to editors
Click here to view the report from Slaughter and May.