The Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) have fined TSB Bank plc (TSB) a total of £48,650,000 for operational risk management and governance failures, including management of outsourcing risks, relating to the bank’s IT upgrade programme.
These technical failures in TSB’s IT system ultimately resulted in customers being unable to access banking services. All of TSB’s branches and a significant proportion of its 5.2 million customers were affected by the initial issues in April 2018. Some customers continued to be affected by some issues and it took until December 2018 for TSB to return to business-as-usual.
TSB has paid £32.7m in redress to customers who suffered detriment.
TSB’s IT migration programme was an ambitious and complex IT change management programme carrying a high level of operational risk. Its success was critical to TSB’s ability to provide continuity of critical functions and safety and soundness. However, the regulators’ found that TSB failed to organise and control the IT migration programme adequately, and it failed to manage the operational risks arising from its IT outsourcing arrangements with its critical third-party supplier.
TSB was fined £29,750,000 by the FCA and £18,900,000 by the PRA. TSB agreed to resolve this matter with the FCA and PRA qualifying it for a 30% discount in the overall penalty imposed by both regulators. Without this discount, the FCA and PRA would have imposed a combined financial penalty of £69,500,000 (£42,500,0000 by the FCA and £27,000,000 by the PRA).
