In late April of this year, the British bank TSB moved millions of customer accounts from the systems of Lloyds Bank, which has hosted them since TSB was separated from Lloyds, to a new core banking platform of its current owner, Spanish bank Sabadell. According to an IT professional who worked at Lloyds Bank before, during and after the original integration of TSB, such a migration is a "horrendous task". According to the Guardian, Sabadell's takeover of TSB was predicated almost entirely on the £100m savings to be made from cutting TSB free from the £214m-a-year bill it had to pay Lloyds for continuing to run the bank's accounts. Unfortunately, the migration ended in disaster. As a result of yet-unspecified problems, TSB's customers were locked out of their accounts and experienced money disappearing from accounts; some were even able to see other customers' accounts. These service failures continued for more than ten days.
TSB's IT disaster raises a lot of questions. In the M&A context, especially with targets from the financial sector, it clearly prompts the question whether a buyer's IT risk assessment matrix needs to be adjusted. First, in terms of likelihood, as TSB's meltdown is not the first outage of this scale. In 2007, when another Spanish bank, Santander, integrated customers of its UK acquisition, Abbey, to its in-house platform, services were also disrupted. And in 2012, customers of RBS, NatWest and Ulster Bank could not access their funds for a week or more as a result of an IT glitch. These are only the larger cases played out in public. Secondly, adjustment may be needed in terms of the extent of damages, as businesses grow bigger, customers become more numerous and demanding, IT systems become more complex and vital, and legislators as well as regulators become more policing and less forgiving. In 2012, RBS was fined £ 56m by regulators, and that was for a one-week glitch. It remains to be seen what TSB will be fined as its IT outage lasted much longer. But besides the potential fines and the financial losses from the outage, the reputational damage to TSB is enormous and unrecoverable. Social media are aggravating the reputational risks as thousands of angry TSB customers have taken to social media to vent their frustration over the bank's botched IT migration.
Hence, especially in the financial sector, a potential buyer needs to carefully analyze and evaluate the target's IT infrastructure and its contractual set-up (e.g. out- or insourced IT), the system's stability (e.g. by way of hardware and software stress tests), its need for modernization and the risks associated therewith. The buyer also needs to ensure that the necessary protections are built into the acquisition agreement. As sellers will usually not agree to bear (future) risks associated with the buyer's post-closing migration project, the focus should be on ensuring an increased level of comfort on the target's IT status in terms of state-of-the-art programming and documentation, its stability, compatibility, and ability to interact with other systems through interfaces. And last but not least, an interested buyer should be extremely cautious if the acquisition is predicated on large IT cost savings, which depend on the successful implementation of a "horrendous task" such as a large IT migration.