On 13 April 2023, the Prudential Regulation Authority (PRAfined the former Chief Information Officer (CIO) of TSB Bank plc (TSB), Carlos Abarca, £81,620 for failing to take reasonable steps to ensure that TSB adequately managed and supervised appropriately its outsourcing arrangements in relation to its 2018 IT migration programme in breach of PRA Senior Manager Conduct Rule 2 (SMCR 2).

The case is a reminder of the current regulatory focus on operational resilience, as well as financial resilience, and emphasises in particular the key role that senior managers play in ensuring that firms manage and supervise outsourcing effectively.  The decision contains a number of learnings for senior management, and firms, in relation to managing IT migration programmes, and outsourcing arrangements and expectations of senior managers more broadly. These are set out in our new briefing note on the case which can be found here.