The board of TSB has been accused of a lack of “common sense” in the run-up to IT failures that left up to 1.9 million customers unable to bank online, some for several weeks, in April 2018.
An independent report into the incident by law firm Slaughter and May blamed both TSB and IT provider Sabis.
Customers were moved on to a new system, but the report said it had not been tested properly before going live.
It found that the tests only took place offline and not in a live environment.
It said that TSB accepted that had tests been run across both systems, it might have been able to identify the issues which affected customers before they happened.
“We have concluded that the new platform was not ready to support TSB’s full customer base and Sabis was not ready to operate the new platform,” the report said.
“While the TSB board asked a number of pertinent questions… there were certain additional common sense challenges that the TSB board did not put to the executive.
“These included why it was reasonable to expect that TSB would be ‘migration ready’ only four months later than originally planned, when certain workstreams were as much as seven months behind schedule.”
The report also said that there were more than 2,000 defects relating to testing at the time the system went live, but the board were only told about 800.
Other failings by TSB that it identified included setting “unnecessary” time constraints, not understanding the complexity of the project, and being dishonest about the reasons for delays.
TSB is part of the Spanish banking group Sabadell and its in-house IT provider Sabis built the system.
The IT failure has cost TSB a total of £370m for customer compensation and to cover expenses for the inquiry by Slaughter and May.
Some TSB customers were exposed to “opportunistic” fraud attacks, which peaked at levels that were about 70 times higher than usual.
TSB executive chairman Richard Meddings said: “Slaughter and May’s report sets out a number of findings on aspects of the planning and preparation for migration which they believe could have been done differently.
“In light of the disruption customers experienced, TSB has made important changes to enable the bank to rebuild – including to leadership and management structures, as well as the decision to take direct control of its IT operations.
“Importantly, TSB has long since compensated every eligible customer who was impacted by the disruption.”
TSB’s former chief executive Paul Pester, who quit his job a few months after the incident, said: “If these findings are right, Sabis rolled the dice by running tests on only one of TSB’s two new data centres and this decision was kept from me and the rest of the TSB board.
“The report explains that this made it impossible for the TSB board to anticipate the serious problems experienced by many customers who could not access their accounts.
“Obviously, if we had been aware of Sabis’s shortcuts in the testing programme, the TSB board and I would never have pressed ahead with switching to the new system at that time.”
The Slaughter and May report was commissioned by TSB. Another joint report by two regulators, the Financial Conduct Authority and the Bank of England’s Prudential Regulation Authority, will be published at a later date. Those regulators have the power to fine and reprimand businesses and individuals.