Investigations into the IT meltdown at TSB the UK retail bank, in April 2018 have continued with the release of a report by law firm Slaughter & May, which has criticised TSB’s management and highlighted failures of testing as a root cause of events that led to a prolonged shut-down of TSB’s online services.
In the transition of customer data to the systems of its new parent, Banco Sabadell, TSB’s senior managers did not communicate efficiently with either Sabadell or it’s IT subsidiary, Sabis, the report said. “While the TSB board asked a number of pertinent questions… there were certain additional common sense challenges that the TSB board did not put to the executive,” concluded Slaughter & May.
But responsibility for the failures, which led to around 1.9 million customers being shut out of their accounts and eventually cost TSB an estimated £330m, driving the bank into a £105.4 million loss for 2018. “We have concluded that the new platform was not ready to support TSB’s full customer base and Sabis was not ready to operate the new platform,” the report said.
The report said that there were more than 2,000 defects relating to testing at the time the system went live, however the board were only told about 800.
The failings in the testing process at TSB had already been highlighted in a report to TSB’s board by IBM, which was brought into provide a triage assessment at the height of the crisis in April 2018. IBM said in its report: “A combination of new applications, advanced use of microservices, combined with the use of active-active data centres, have resulted in compounded risk in production.”
The transition process that TSB and Sabadell had chosen: “Demands extensive engineering, testing and proving,” the IBM report said. “This scale and complexity require longer than normal to prove the platform through incremental customer take-on to observe and mitigate any operation risks.”
IBM said that there was no evidence that TSB had seen evidence that TSB had been provided with evidence of test outcomes and in particular that: “Performance testing [for the project] did not provide the required evidence of capacity and a lack of active-active test environments have materialised risk due to issues with global load balancing across data centres.”
Compounding the problems with TSB’s digital services, it is understood that even once some of the initial defects had been addressed – and TSB had announced its sites were back up and running – the heavy load of customers trying to log back into their accounts caused a further collapse in service.
As a result of the IT meltdown at TSB, regulators have increased their focus on operational resilience at banks, including the management of IT risk. The Bank of England and FCA have indicated that they want senior managers to take more responsibility for operational resilience, and their own investigation
