The UK’s Prudential Regulation Authority (PRA) said it has fined Carlos Abarca, the former chief information officer (CIO) of TSB Bank plc, £81,620 over the bank’s catastrophic IT meltdown in 2018.
TSB is currently owned by Spain’s Banco Sabadell.
The PRA said Abarca was fined for “breaching PRA Senior Manager Conduct Rule 2 as he failed to take reasonable steps to ensure that TSB adequately managed and supervised appropriately its outsourcing arrangement in relation to its 2018 IT migration programme.”
Abarca agreed to resolve the matter with the PRA and therefore qualified for a 30% reduction in the overall fine imposed by the PRA. Without this discount, the penalty would have been £116,600.
The PRA added: “This follows on closely from the enforcement action taken in December 2022 against TSB for operational resilience failings, which resulted in a joint financial penalty of £48,650,000 imposed by the PRA and Financial Conduct Authority (FCA).
“As CIO of TSB, Mr Abarca had responsibility for TSB complying with the PRA’s outsourcing rules. In particular, he was responsible for TSB’s key outsourcing relationship with its main third-party supplier for the IT migration programme.
“As part of this, he gave assurance to the TSB Board that the third party, as key supplier, was prepared for migration. However, he failed to ensure that TSB had itself obtained sufficient assurance from the third party before doing so.”
Sam Woods, Deputy Governor for Prudential Regulation and Chief Executive Officer of the PRA, said: “Senior managers have an essential role to play in ensuring that firms manage and supervise outsourcing effectively.
“In this case, the PRA has fined Mr Abarca because his management of a key outsourcing relationship fell below the standard we expect.”
The PRA said that in April 2018, TSB updated its IT systems and migrated the data for its corporate and customer services on to a new IT platform.
While the data itself migrated successfully, the platform immediately experienced technical failures. This resulted in significant disruption to the continuity of TSB’s banking services, including branch, telephone, online and mobile banking.
“All of TSB’s branches and a significant proportion of its 5.2 million customers were affected by the initial issues,” said the PRA.
“Some customers continued to be affected by some issues and it took until December 2018 for TSB to return to business-as-usual. TSB has paid £32.7m in redress to customers who suffered detriment.”
The PRA said its investigation found that Abarca breached the PRA’s Senior Manager Conduct Rule 2 because he failed to take reasonable steps to ensure that TSB complied with the PRA Outsourcing Rules.
It said that in particular, Abarca did not:
- ensure that the third party’s ability and capacity were adequately reassessed on an ongoing basis
- ensure that TSB obtained sufficient assurance from the third party in relation to its readiness to operate the new IT platform
- give sufficient consideration to whether further investigation was required before giving assurance to the TSB Board as to the third party’s readiness for migration.