Financial Services Compliance Blog - Thistle Initiatives

TSB fined £48.6m for operational resilience failings

Written by Keith Maner – Compliance & Technical Manager | Mar 1, 2023 1:34:04 PM

Summary

The FCA and the PRA have fined TSB Bank plc a total of £48.6m over operational risk management and governance failures. In particular, the regulators found that poor management of outsourcing risks in connection with an IT upgrade programme led to technical failures that left customers unable to access banking services.

In April 2018, TSB updated its IT systems and migrated corporate and customer services data to a new platform. While the migration was successful, the platform then immediately suffered technical failures. This resulted in significant disruption to services, including branch, telephone, online and mobile banking. All TSB branches, and a significant proportion of its 5.2m customers, were affected. Normal services were not restored for some customers until December 2018. TSB has paid £32.7m in redress to customers who suffered detriment.

The regulators concluded that the bank’s migration programme was an ambitious and complex change management programme that clearly carried a high level of operational risk. TSB’s ability to continue providing critical functions depended on its success. However, TSB failed to organise and control the migration adequately or to manage operational risks arising from outsourcing work to a critical third-party provider.

Operational resilience is a key priority for the FCA and PRA. The regulators stressed the critical importance of firms investing in resilience to avoid wide-ranging harm to customers. 

FCA executive director of enforcement and market oversight Mark Steward said ‘The failings in this case were widespread and serious. They had a real impact on the day-to-day lives of a significant proportion of TSB customers, including vulnerable customers. The firm failed to plan for the IT migration properly. The governance of the project was insufficiently robust, and the bank failed to take reasonable care to organise and control its affairs responsibly and effectively with adequate risk management systems.’

TSB was fined £29.7m by the FCA and £18.9m by the PRA. TSB agreed to resolve the matter quickly, qualifying it for a 30% discount on the overall penalty. Without this discount, the FCA and PRA would have imposed a combined financial penalty of £69.5m.

Links: https://www.fca.org.uk/news/press-releases/tsb-fined-48m-operational-resilience-failings