Law firm Slaughter and May has conducted an independent review of the IT migration at TSB in 2018 which left up to 1.9 million customers unable to bank online, some for several weeks, and prompted a surge in fraud attacks.

The fiasco cost TSB a total of £330m for customer compensation, fraud losses and other expenses.

The data migration plans were meant to separate TSB from the IT systems owned by its former parent Lloyds Banking Group. TSB is now owned by Spanish bank Sabadell.

The migration was carried out in stages, initially moving systems including ATMs, debit and credit card payments, mortgages and the digital mobile app, followed by key internal systems, and ultimately the main migration event, including the migration of customer data.

What went wrong at TSB

The report, commissioned by TSB, found that customers were moved on to a new system which hadn’t been tested properly before going live and that the TSB board failed to ask Sabadell’s IT arm Sabis key questions ahead of the launch.

In particular, a key cause of the extent of disruption was that the two data centres, built to support the new platform were, in certain areas, configured inconsistently despite having been specified to be identical.

Additional issues around coding and capacity also arose. These technical issues were then compounded by the high volume of customer enquiries as public concern increased – enquiries which exceeded the contingency resources already in place.

Slaughter and May also found TSB’s board failed “to fully understand the scope and complexity” of the new system prior to its failure, and that Sabis had not been ready to operate the new platform and had failed to test one of two data centres it relied on prior to the launch.

The report criticised the TSB board’s decision making process and communications with Sabadell, pointing out that there was an opportunity for TSB to learn from delays in the first 18 months of the project but “this opportunity was missed” and as a result “TSB went live with a platform that was, in the event, neither stable nor complete.”

Response to the report

The IT fiasco led to TSB’s former chief executive Paul Pester standing down months after the debacle. Pester criticised the report’s “scattergun” approach, and blamed Sabadell and Sabis for cutting corners with critical IT testing.

Pester said Sabis only testing one of TSB’s two new data centres was a decision kept from the board which made it impossible for the bank to anticipate the serious problems which lay ahead.

Richard Meddings, chairman of the TSB board, said: “When we commissioned Slaughter and May to carry out this review, we specifically asked for a fully independent and thorough inquiry. Although the report doesn’t paint the full picture of migration, the board were absolutely clear that we wanted to be transparent and learn fully from those aspects which went wrong. That is why we have taken the decision to publish this report in full.

“Importantly, TSB has evolved to be a better business than the newly created bank which began the migration project. We have already made major changes as a result of what we have learned, including moving to take direct control of our IT operations. With the leadership of Debbie Crosbie as our CEO, we are now well on track to get TSB back to what it does best: serving customers and bringing better choices to UK banking.”

Slaughter and May’s report is one of a number of reviews which have been carried out by external parties and by teams within TSB over the past 18 months.