TSB's IT disaster raises a lot of questions. In the M&A context, especially with targets from the financial sector, it clearly prompts the question whether a buyer's IT risk assessment matrix needs to be adjusted. First, in terms of likelihood, as TSB's meltdown is not the first outage of this scale. In 2007, when another Spanish bank, Santander, integrated customers of its UK acquisition, Abbey, to its in-house platform, services were also disrupted. And in 2012, customers of RBS, NatWest and Ulster Bank could not access their funds for a week or more as a result of an IT glitch. These are only the larger cases played out in public. Secondly, adjustment may be needed in terms of the extent of damages, as businesses grow bigger, customers become more numerous and demanding, IT systems become more complex and vital, and legislators as well as regulators become more policing and less forgiving. In 2012, RBS was fined £ 56m by regulators, and that was for a one-week glitch. It remains to be seen what TSB will be fined as its IT outage lasted much longer. But besides the potential fines and the financial losses from the outage, the reputational damage to TSB is enormous and unrecoverable. Social media are aggravating the reputational risks as thousands of angry TSB customers have taken to social media to vent their frustration over the bank's botched IT migration.
Hence, especially in the financial sector, a potential buyer needs to carefully analyze and evaluate the target's IT infrastructure and its contractual set-up (e.g. out- or insourced IT), the system's stability (e.g. by way of hardware and software stress tests), its need for modernization and the risks associated therewith. The buyer also needs to ensure that the necessary protections are built into the acquisition agreement. As sellers will usually not agree to bear (future) risks associated with the buyer's post-closing migration project, the focus should be on ensuring an increased level of comfort on the target's IT status in terms of state-of-the-art programming and documentation, its stability, compatibility, and ability to interact with other systems through interfaces. And last but not least, an interested buyer should be extremely cautious if the acquisition is predicated on large IT cost savings, which depend on the successful implementation of a "horrendous task" such as a large IT migration.