UK financial regulators fine banks nearly £50m for operational resilience failures | Morgan Lewis – Tech and Sourcing | Daily News Byte


The UK Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) announced on December 20, 2022, fines totaling £48.65 million ($59 million) for operational resilience failures at TSB Bank plc (TSB) arising from an IT upgrade. Consumers were harmed, as they were unable to access core banking services.

The bank previously formed part of Lloyds Banking Group in 2014 and was subsequently bought by Spanish banking group Sabadell in 2015. In April 2018, the bank updated its IT system and migrated its corporate and customer service data to a new platform provided by Sabadell. Although the data migration was successful, the platform soon experienced technical issues that disrupted TSB’s branch, telephone, online and mobile banking services.

A significant proportion of TSB’s then 5.2 million customers were affected by the problems, which continued until December 2018. During this time, fraudsters saw an opportunity in the confusion and a number of consumers fell victim to scams. Following the incident, TSB paid £32.7 million ($39.7 million) in redress to its customers.

The FCA imposed its second largest fine of £29.75 million ($36.12 million) for operational failure and the PRA its largest ever fine of £18.9 million ($22.95 million). TSB agreed to settle with regulators, meaning the figures are discounted from the original combined £69.5 million ($84.37 million) that regulators were entitled to impose.

This result will cause concern for any financial service providers looking to make a similar transition to a new IT platform. Therefore, it is important to first understand what regulators felt about TSB’s failures in preparing for and implementing transformative IT change, and then mitigate against those failures.

Regulators recognized that all large-scale and complex IT change management programs inherently carry a high level of operational risk. However, the specific problems with the TSB migration arose from the following:

  • Failure to properly plan and organize for the transition
  • Failure to implement strong enough regimes to control once-live transitions
  • Failure to responsibly and effectively manage operational risks arising from critical third-party IT outsourcing

It is clear that proper planning and management of IT change management processes, with respect to critical third parties, is key to mitigating against any potential fines imposed by the FCA and PRA.

In April 2021 we reported on UK regulators issuing policy briefs and consultation papers on operational resilience in the financial services sector, reaffirming their focus on operational resilience. It is clear that this is becoming a priority for the FCA and PRA; now more than ever, it is vital that regulated UK entities invest in and plan for operational resilience.
