TSB’s recent IT meltdown resulted in no fewer than 93,700 complaints and a loss of 400 to 500 customers a day.
TSB also admitted more than 1,300 customers had money stolen as a result of its IT problems, with some losing their entire life savings.
Now, the Bank of England and the Financial Conduct Authority have told UK banks that they must explain how they would cope with an IT systems failure or a cyber-attack and they have given the banks 3 months to explain in detail how they would respond to such an event.
Recently, TSB acknowledged that its technology migration failure created an opportunity for criminals to exploit its customers.
The bank’s chief executive, Paul Pester told the Treasury Select Committee, “We saw a very aggressive targeting within one week of the problems. The fraud attack was 70 times the level we were expecting,” he said.
TSB chairman, Richard Meddings added, “The bank is working to compensate any customers who have been defrauded as a result of this.
“No customers will be left out of pocket. We are compensating in full without any desire or attempt to attribute liability.”
TSB’s parent company’s chief operating officer, Miguel Montes of Sabadell Group said he was sorry for the impact on customers.
“We are truly sorry for the damage that we have inflicted on customers,” he said.
The bank has promised to undertake an independent review into what prompted the IT migration failure and how it has been handled.
TSB Chairmen, Mr Meddings added, “It’s really important to find out what went wrong here, we will disclose it and we will act on it and where there is culpability we will act on it.
He added, “If I am found to be culpable then the actions will be attached to me.”
The Bank of England and the FCA have emphasised that senior management at banks will be held accountable for prolonged disruption to services.
The two regulators have launched a consultation seeking the views of customers as well as banks, insurers and other financial institutions.
They have warned that upgrading computer systems to match services provided by newer financial start-ups could lead to service disruption.
In certain conditions, they have suggested that two days is an acceptable limit for disruption to service.
The recent IT failures at TSB and Visa, which caused major problems for customers, have triggered the action by regulators.
In a joint statement FCA chief executive Andrew Bailey and the Bank of England’s Jon Cunliffe, said, “Operational disruption can impact financial stability, threaten the viability of individual firms and financial market infrastructures, or cause harm to consumers.”
If the contingency plans put forward by banks and other financial institutions are judged to be unsuitable, they could be ordered to make their systems more resilient.
They also recently said they are developing a new framework of minimum services that must be provided during IT failures.