TSB takes ownership of IT and boosts compliance with ServiceNow

TSB Bank set out on an ambitious project last year, creating a new, separate IT function from its parent company, Sabadell. The bank signed a deal with IBM to consolidate its IT operations and also created a new IT centre of excellence in Edinburgh. 

The announcement follows TSB's 2020 pledge to invest £120 million to transform digital channels over the next three years. 

IBM is now in charge of building and managing TSB's private cloud environment, running services across TSB's core banking platforms - with systems management in the hands of the bank itself. And it is this supervision of the bank's technology where ServiceNow's cloud platform is playing a key strategic role. 

We got the chance to speak to Scott McGarvey, Head of Infrastructure Delivery and Service Operations at TSB, about the bank's change in IT operations - specifically regarding how the use of ServiceNow has helped it reduce costs, gain visibility into its systems, and boost regulatory compliance. 

McGarvey said that when TSB set up the operating model with IBM, along with the likes of BT and Rackspace, it adopted a SIAM approach, which essentially makes the bank the service integrator. As such, it was important that TSB had a platform that could let it effectively manage its IT, with strong visibility and control. McGarvey said: 

ServiceNow had all the capability we needed. With TSB bringing IT back in house, we didn't have very many tools. ServiceNow has this enormous range of functions available, and when we choose a cloud platform it has to do as much as possible. Part of our strategy is to have fewer cloud partners that can do a lot for us. 

TSB was also able to consolidate many of the tools it did have into the ServiceNow platform, which will be accelerated during a phase two rollout happening this year, which is helping to reduce the bank's costs. 

Going all in

TSB began its partnership with ServiceNow back in August and deployed within a rapid timeframe, going live in mid-November. It went live at the same time as IBM took over running the bank's IT, which was a strategic priority for the leadership. Doing so meant having visibility from day one on what IBM is doing, as well as being able to integrate with them on incident, problem and change management. McGarvey said: 

In some respects we had to get ServiceNow up and running [in that timeframe], and that gave us the senior sponsorship to get unstuck on certain things. 

You can achieve this quickly. It comes back to staying out of the box, keeping it simple, making sure people are really educated on how to give requirements, and capturing things properly, as well as highlighting user stories. 

In terms of how ServiceNow is being used on a daily basis at TSB, an example would be the bank receiving integrations or requests coming in from IBM, which are then directed through to the right teams and governance boards, who are managing the overall risk for TSB. In addition to this, TSB has integrated DynaTrace, which along with ServiceNow ITOM, is helping to instantly see and respond to events and alerts across the entire IT estate. 

This means that within 20 minutes, if there's a problem with an area of the digital platform, an automated incident is created with a service map, highlighting the likely parts of the business that have been affected. McGarvey said: 

We are starting to resolve incidents in one to two hours, whereas before the disparate nature of the systems meant that things like that could go on for hours. 

Phase two of TSB's use of ServiceNow will see Computacenter use the platform natively too, as it runs the bank's contact centre. This will allow TSB to have all ticketing for the bank in one system - so that if, for example, Computacenter wants a new file share set up for a user, they can make a request that will flow all the way through to IBM to provision, and then come back to the TSB user to check. 

Furthermore, TSB will be using the platform to manage the ordering of servers, or storage, which is still currently done in spreadsheets and other similar tools. However, McGarvey sees the use of ServiceNow becoming much broader in the future. He said: 

We are in advanced discussions on various other elements of it - for example, the infosec or security module. We're developing that business case and we are starting a proof of concept on that. We've been looking again at GRC, which is the governance, risk and compliance module. And also the project management module, which we're going to do a pilot on quite soon. We are actually looking at almost every module. 

A data model that aids compliance

Unsurprisingly, given TSB is a financial services company, there are huge regulatory and compliance hurdles to overcome, in order to ensure the safe delivery and protection of services to its customers. McGarvey said that ServiceNow has helped with this too, as its platform promotes a strict common data model, as well as enhanced visibility into the stability of its systems. He said: 

I don't think there's a conflict between staying out of the box and meeting the regulatory requirements. In actual fact building a really good CMDB and a really good data model helps you with regulatory requirements. The regulator wants to see it through the lens of your services. Can you map your critical suppliers? Can you point to the infrastructure and show it is in support? You would think that regulation could make it harder and more complex, but actually the more you stick to good principles, the easier it is to comply with regulation. 

And in terms of assessing the platform's ROI, compliance played a key role here too. McGarvey added: 

The return on investment of this year's business case is 11 months. The investment committee was very happy about that, because anything that has in-year payback tends to get approved. But it was a strategic imperative to do it because we needed control and visibility. 

TSB is very keen to show the regulator that we can manage the IT and that we can prove that. After phase one, we automated 37 of our IT controls within ServiceNow, which previously took a long time to evidence every year to our auditor, to prove that we knew what was happening with change, with incident, and that root causes were being followed up on. That's now automated all through dashboards.