TSB’s IT disaster pinned on ‘big bang’ approach to migration
There was a lack of oversight on the ‘unprecedented’ migration, but the bank has hit back against the report
Last year's TSB IT failure can be pinned on the bank's single-event approach to migrating records onto a platform that wasn't ready, run by a supplier that wasn't fit to operate it, it has been claimed.
Independent investigators from law firm Slaughter and May have concluded that TSB's aim to migrate five million customer records onto a 'state-of-the-art' system in 2018 was unprecedented in the UK and incredibly complicated. For instance, the design, build and testing of the Proteo4UK system, developed by SABIS, involved the work of over 70 suppliers and more than 1,400 people.
There was also a lack of robust testing of the new system, dubbed Proteo4UK, and TSB lacked sufficient oversight of its suppliers, according to the near 300-page report prepared by legal firm Slaughter and May.
Ultimately, however, blame can be attributed to the 'big bang' approach TSB took to the IT migration, without considering the potential risks and pitfalls.
"The TSB board understood that the programme was a significant undertaking," the report concluded. "However, there were gaps in the TSB board's understanding of the Proteo4UK platform's scope and complexity, particularly regarding the extent of the new software being developed to support TSB's digital, telephone and branch channels.
"In addition, the TSB Board did not understand the extent to which SABIS' experience was different from what was required to design, build, test and operate the Proteo4UK platform.
"Had the TSB board sufficiently understood these things, we expect that it would have acted differently at key points of the programme."
TSB's decision to embark on the migration to the new system through a 'big bang' approach, as opposed to a phased approach, played a key part in the IT failure, the report found.
The bank had aimed to complete the migration of five million records over a single weekend in late April of last year but ran into significant problems.
Customers experienced difficulties accessing services and communicating with TSB, as well as having major problems in TSB branches.
These technical issues continued for a number of days and customers were even left vulnerable to opportunistic fraud attacks, which were measured at 70 times higher than usual levels at their peak.
A single-event migration is generally considered the fastest, cheapest and least complex way to embark on such a digital transformation task. If an organisation does opt for this method, however, it's critical that all the risks are understood, and that the new system is robustly tested before it's put live to all customers.
The firm did not consider whether or not this was the right approach against the alternative options, the investigators concluded. Neither did the bank consider what the risks were, or how the risks could be mitigated.
The board did not substantively discuss the choice made, it was found, and neither the board nor the executive sought advice from external advisors.
TSB disagrees with a number of aspects of the report, and has highlighted in particular that, according to its own analysis, a key cause of the extent of the disruption was a technical error with two data centres that were built to support the new platform.
These two data centres were configured inconsistently despite having been specified to be identical, with additional issues around coding and capacity also arising. The technical issues were also compounded by the high volume of customer enquiries.
The bank has conceded that planning and preparation could have been done differently, but says it has made crucial changes to the way leadership is organised and has brought its IT operations under direct control. TSB has also claimed its digital capabilities today are strong.
"On behalf of everyone at TSB, I want personally to apologise again for the service disruption which customers experienced during the spring and summer of 2018," said the chairman of the TSB board Richard Meddings.
"When we commissioned Slaughter and May to carry out this review, we specifically asked for a fully independent and thorough inquiry. Although the report doesn't paint the full picture of migration, the Board were absolutely clear that we wanted to be transparent and learn fully from those aspects which went wrong.
"Importantly, TSB has evolved to be a better business than the newly created bank which began the migration project. We have already made major changes as a result of what we have learned, including moving to take direct control of our IT operations.
"With the leadership of Debbie Crosbie as our CEO, we are now well on track to get TSB back to what it does best: serving customers and bringing better choices to UK banking."
Business leaders have previously suggested that 'big bang' approaches to IT migration are one of the key reasons why digital transformation projects in the UK fail.
Speaking at the CBI's 2019 annual conference, ABB CEO Ian Funnell suggested British firms should look to the phased approach that French companies often take.
The Slaughter and May report is one of many that have been commissioned into the severe shortcomings at TSB during the IT meltdown last year.
The Treasury Select Committee, now suspended due to the general election, had been taking evidence with a view to publishing its own report into the outage. Both the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) have also embarked on an investigation, which is ongoing at the time of writing.
"Our investigation with the PRA into the events at TSB is wider in scope than the Slaughter and May review," an FCA spokesperson told IT Pro. "We are well advanced, but as is our usual practice we can't confirm precise timing while the investigation is still underway."