'Big Bang': Great for creating the universe, but not as an approach to IT migration, TSB told

Poor testing and supplier oversight to blame for 'unprecedented' cockup

TSB's disastrous migration of its core banking data and payment records of five million customers has today been slammed by an independent report from London City law firm Slaughter and May.

The botched move last year left 1.9 million customers unable to view their accounts, some of whom had money disappear or were able to view other people's details.

The bank had to bring IBM on board to fix the problems.

Consequently, TSB was forced to pay hundreds of millions of pounds in compensation. The bank's former chief executive, Paul Pester, quit his job a few months after the incident.

The 262-page report concluded that there could have been stronger oversight of suppliers when TSB migrated its customers from the Lloyds Banking Group IT Platform to owner Sabadell's equivalent, Proteo4UK, in April 2018.

It also found there were 2,000 defects relating to testing at the time the system went live, but the board was only told about 800.

When Sabadell acquired TSB in 2015, the company said it would shift customers to a new banking platform to cut costs by £160m a year.

In 2018 TSB engaged Sabis, Sabadell's IT arm, as its prime contractor for the programme, taking confidence from Sabadell's previous integration experience, the report said.

The transition involved the management and coordination of services from over 70 third-party suppliers and efforts of over 1,400 people.

It said the move was a "highly complex project" and involved moving the bank from multiple, third-party legacy systems to a single new platform.

"In particular, a key cause of the extent of disruption was that the two data centres, built to support the new platform were, in certain areas, configured inconsistently despite having been specified to be identical. Additional issues around coding and capacity also arose," the report said.

"These technical issues were then compounded by the high volume of customer enquiries as public concern increased – enquiries which exceeded the contingency resources already in place."

It concluded that the scale and pace of the programme were "unprecedented in the UK retail banking sector" with TSB opting for a so-called "Big Bang" approach to implementation.

"An ambitious timetable was set from the beginning. TSB relied on Sabadell's previous experience and various protections that it put into place, but these failed to ensure that the bank do not Go Live before it was ready."

The Proteo4UK Platform was not ready to go live because it had not been sufficiently tested or proved, the report concluded.

An earlier report carried out by IBM similarly found that TSB was not prepared for its core banking platform migration because of inadequate testing.

Richard Meddings, chairman of the TSB Board, said: "On behalf of everyone at TSB, I want personally to apologise again for the service disruption which customers experienced during the spring and summer of 2018.

"I would also like to thank everyone at TSB for their significant efforts and commitment to putting things right for our customers and for getting the bank into the position it is in today.

"When we commissioned Slaughter and May to carry out this review, we specifically asked for a fully independent and thorough inquiry. Although the report doesn't paint the full picture of migration, the Board were absolutely clear that we wanted to be transparent and learn fully from those aspects which went wrong. That is why we have taken the decision to publish this report in full.

"Importantly, TSB has evolved to be a better business than the newly created bank which began the migration project. We have already made major changes as a result of what we have learned, including moving to take direct control of our IT operations. With the leadership of Debbie Crosbie as our CEO, we are now well on track to get TSB back to what it does best: serving customers and bringing better choices to UK banking." ®

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022