BNF’s botched upgrade — the final chapter
BNF Bank spent more than €1 million stabilising services after a troubled core-system upgrade in late March that left customers locked out of accounts, unable to make payments and scrambling for answers. That is the picture painted by CEO David Power in an exclusive Times of Malta interview, six months after the migration went badly wrong.
I have covered this story before — examining the technical failures and the bank’s security posture — and this will likely be my final instalment on the affair. My earlier pieces set out the timeline and the phishing fallout; they remain available for readers who want a deeper chronology and the earlier reporting.
What the CEO told the paper
David Power described the project as “massive”: BNF replaced “every single system in the bank” and switched card providers from Visa to Mastercard on the same weekend. He says the bank tested the new platform for 18 months and ran more than 3,500 tests before go-live, but that on the day of the launch “one of our service providers went offline for 24 hours” and other problems cascaded from there. Power insists customers’ funds were never at risk and that the bank’s core banking ledger was not corrupted. He also says the bank has largely stabilised operations and that only a handful of minor issues remain.
Two follow-on facts from Times reporting are worth underlining: the regulator (the MFSA) asked the bank to “take corrective measures,” and BNF set up a “war room” that saw branch footfall spike dramatically as customers sought in-person help. The bank says daily monitoring showed “no abnormal patterns” in deposits or withdrawals after the crisis.
Questions that remain
Power’s interview provides useful detail, but it also raises several unanswered — and important — questions:
• Why did prior postponements become a go decision in March? The bank delayed the migration several times to test more thoroughly. What, specifically, changed between the last “No-Go” and the March “Go”? If 3,500 tests were performed, how were those tests scoped, and why did obvious failures (such as the joint account GDPR handling issues that affected some customers) not surface earlier?
• How critical was the third-party outage, and why did it trigger an extended fallout? Service provider outages are a known risk on go-live days, but a 24-hour outage alone would not normally be expected to produce weeks of disruption unless that provider was a single point of failure for many downstream components. If so, why was there no fallback or rollback plan? Power says the outage was the first “domino,” but the account leaves open a sequencing and contingency question.
• Was a phased migration really off the table? Power argues that moving between different core platforms can make parallel runs infeasible. Yet industry practice often favours staged transitions — coexistence or parallel-running models — precisely to limit blast radius and allow controlled cutovers. Research on core modernisation describes a spectrum of approaches — from big-bang replacements to componentised or coexistence strategies — and highlights that many institutions opt for phased migration to mitigate operational risk. Two-thirds of migrations adopt some form of phased approach in practice. That makes BNF’s claim that a phased approach was not possible a live technical and governance question.
• Board and executive accountability. In September BNF announced the resignation of two senior executives — the CFO and the chief commercial officer. The bank described the exits as “unrelated,” while Power said both leaders felt the end of the stabilisation phase was the right moment to move on. From a stakeholder perspective, the lack of clarity here will fuel speculation about responsibility at senior levels.
Lessons and comparisons
Large IT modernisations in banking are inherently risky. The TSB migration in 2018 is the cautionary tale most often cited: that failure left millions of customers locked out and led to multi-million pound fines and redress from UK regulators. Regulators have been clear that banks must organise, control and test migrations — and have resilient outsourcing arrangements — before carrying out disruptive changes. BNF’s issues were smaller in scale and cost, but the TSB precedent shows the reputational and regulatory stakes if mitigation and testing are inadequate.
Power has accepted that changing the card provider on the same day was a tactical mistake and told Times of Malta that combining both projects increased complexity. That acknowledgement is important; it aligns with best practice advice that major changes (core migration, card issuer swap) should be staged unless a clear, well-tested failover and rollback strategy exists.
What I would have liked to see
The Times interview offers candour from the CEO, but some elements are missing from a customer-centric communications perspective:
• A sincere, public apology and restitution narrative. The bank has explained the technical causes and the stabilisation cost, but there was no explicit, stand-alone apology to customers in the interview — or a clear description of any redress for inconvenience (beyond saying customers did not abandon the bank). A short, unambiguous apology would have shown accountability and empathy.
• A transparent post-mortem summary. Power said an external firm will carry out a full post-stabilisation review. Publishing a high-level summary — scope, findings, concrete remedial actions, timelines — would rebuild public trust and demonstrate learning.
• Clearer contingency and outsourcing governance. The third-party outage narrative implies a single point of failure. The bank should publish how it will prevent similar single points of failure going forward (redundancy, contractual SLAs, playbooks, fallback modes).
Final verdict
BNF’s technical team appears to have fixed the problems and the bank is attempting to move on. But the episode is a reminder that even for small and mid-sized institutions, core modernisation is not just a technical project: it is an organisational and regulatory challenge that requires conservative sequencing, exhaustive contingency planning and transparent communication with customers and supervisors. BNF’s admission of mistakes — particularly over the decision to change the card provider in parallel with the core migration — is welcome. What will matter now is openness about the post-mortem and demonstrable fixes to outsourcing and testing practices.
Sources & further reading
Times of Malta. (2025, September 19). BNF Bank spent €1m fixing failed system upgrade, CEO says. https://timesofmalta.com/article/bnf-bank-spent-1m-fixing-failed-system-upgrade-ceo-says.1116433
Times of Malta. (2025, September 30). BNF Bank announces resignation of two top executives. https://timesofmalta.com/article/bnf-bank-spent-1m-fixing-failed-system-upgrade-ceo-says.1116433
Bonnici, A. (2025, May). BNF Bank’s gone-wrong system update. Alan Bonnici. https://www.alanbonnici.com/2025/05/bnf-banks-gone-wrong-system-update_0175945782.html
Bonnici, A. (2025, September). BNF Bank and the gift of phishing. Alan Bonnici. https://www.alanbonnici.com/2025/09/bnf-bank-and-gift-of-phishing.html
Alcazar, J., Baird, S., Cronenweth, E., Hayashi, F., & Isaacson, K. (2024, February 28). Core banking systems and options for modernization. Federal Reserve Bank of Kansas City. https://www.kansascityfed.org/research/payments-system-research-briefings/core-banking-systems-and-options-for-modernization/
MIT Technology Review. (2023, October 23). Seeking a successful path to core modernization. https://www.technologyreview.com/2023/10/23/1082061/seeking-a-successful-path-to-core-modernization/
Dickens, S. (2022, December 22). TSB Bank fined £62M for a failed mainframe migration: A cautionary tale we can learn from. The Futurum Group. https://futurumgroup.com/insights/tsb-bank-fined-62m-for-a-failed-mainframe-migration-a-cautionary-tale-we-can-learn-from/
Flinders, K. (2022, December 20). TSB hit with huge fine after IT migration disaster. Computer Weekly. https://www.computerweekly.com/news/252528519/TSB-hit-with-huge-fine-after-IT-migration-disaster
Wilson, T., & Aguado, J. (2022, December 20). British bank TSB fined £48.65 million over IT platform migration failures. Reuters. https://www.reuters.com/world/uk/british-bank-tsb-fined-4865-million-pounds-over-it-platform-migration-failures-2022-12-20/