Unmanaged change remains the primary driver of customer disruption. How confident are you that your IT changes will deliver the expected outcomes?
With the latest TSC release now available, we expect that Executive Committees (ExCos), Boards, Audit Committees, Board Risk Committees, and regulators will be closely analysing its insights.
Our Key Takeaways From the Release
1. The Growing Volume of IT Change:
- Organisations are navigating an increasing volume of IT change as they digitise services, integrate third-party providers, and modernise legacy technology.
- Change is one of the biggest causes of operational incidents, and the regulators are one of the biggest causes of change.
2. The Impact of Failed IT Change:
- The number of reported IT failures to the regulators appears to have increased since the last full TSC 2019 report. This may be due to improved reporting and oversight now in place at firms and / or more change ongoing.
- However, the customer impact resulting from a single incident appears reduced (e.g., when compared to TSB and Visa cases) – this is likely due to many firms adopting more iterative approaches to change, as well as strengthened incident and crisis management capabilities when it does go wrong.
- Failed change activity, third party failure (this could include cyber incidents) and software malfunction continue to be the common causes (note not a single cyber-attack on a firm).
- Although legacy systems can be stable, they remain fragile when change needs to be made.
3. Market Differentiation:
- Operational resilience is no longer nice-to-have —it’s a necessity. Failing to get it right isn’t just a competitive disadvantage; it’s an existential risk that can severely damage reputation.
- The price of failure is only increasing – Barclay’s £12.5m estimated customer compensation is significantly higher than previously seen.
- The regulators continue to demonstrate an appetite to promote operational resilience, improve the accuracy of incident reporting, investigate significant incidents and encourage customer compensation / redress.
Conclusion
The latest TSC release reinforces what we already know – unmanaged IT change remains a leading cause of customer disruption, and its risks are only increasing as firms continue to digitise, modernise, and respond to regulatory demands. While progress has been made in managing IT change-related incidents, the cost of failure is rising, making resilience more critical than ever. Now is the time for firms to assess their change management strategies, strengthen risk controls, and ensure they can adapt without disruption. A proactive, well-controlled approach is no longer optional – it’s essential for long-term success.
How DCR Partners Can Help
If you're looking to strengthen your first-line risk and control framework, starting a change initiative that impacts your Important Business Services (IBS), or delivering a complex portfolio of IT change, we’d be happy to support you with expert insights and guidance. Get in touch today!
