Imagine millions of savers logging in to their Premium Bonds and seeing a balance of £0.00.
Now imagine a minister on the Today programme attempting to reassure listeners that their money remains safe because of an HM Treasury guarantee.
The funds would indeed still be backed by the state, but reassurance delivered by a press release is unlikely to soften the experience of logging into your account to find it empty.
This hypothetical scenario is why the Public Accounts Committee’s description of NS&I’s digital modernisation as a “full-spectrum disaster” should concern far more than technology teams, however safe savers’ money may actually be. NS&I manages around 25 million customer accounts and holds hundreds of billions of pounds in public savings. As an agency under the Treasury’s wing, it is a core part of the UK’s financial infrastructure.
UK Parliament found that more than four years into the £3bn programme, NS&I lacked a credible integrated plan, that core elements of the transformation had yet to begin, and that the organisation could not provide clarity on how much had already been spent. The budget had increased nearly threefold, the original deadline was long lost to memory, the government’s own internal assessment had rated the programme “red” for three years running – a surprisingly unambiguous set of warning lights. Yet the organisation ploughed on.
Many of the usual ghosts at the technology programme disaster feast are here. The suppliers aren’t covered in glory, the procurement looks broken, and false certainty in requirement-setting reigns. But the deeper issue is a cultural and institutional one.
Is the complacency of NS&I’s approach due to an implicit assumption that because the cash is ultimately safe, the rest – users’ experience of the service, the trust that is lost or gained as a result – is noise?
NS&I is no one-off. The relaunched Civil Service Pension Scheme, recently transferred to Capita under a new administration contract, left thousands of newly retired civil servants facing significant delays in receiving their pensions. The scheme covers around 1.7 million members. For many, their first pension payment did not arrive on time. Nor did the second, or third. Some have been waiting months. Others described being unable to access online portals or obtain clear information about when payments would start. In several cases, retirees were forced to draw down on savings, family support or emergency loans.
Like the savers, those pensioners will eventually get their money from the government. But they are very unlikely to ever regain any trust in the system.
These two cases reveal deep issues caused, seemingly, by a mixture of wrong-headedness or complacency. But at the root of both is an inability to recognise that financial systems depend on confidence, and those systems must be governed in ways that prioritise protecting that trust.
Bank runs do not begin with insolvency; they begin with doubt. In a hyperconnected environment, doubt spreads quickly. A digital failure scales instantly, is shared widely, and acquires its own narrative before institutions can respond. The risk is not that NS&I is insolvent, but that large numbers of customers experience the system as unreliable at the same time. As more and more of the state’s core financial functions run on software, having the necessary state capacity in place to build digital, resilient services is a core part of an institution’s responsibilities.
The Public Accounts Committee’s frustration with NS&I was not simply about the programme’s cost. It was about a failure to understand. Bruce F Webster coined the phrase “the thermocline of truth” to describe what happens when bad news does not travel upwards effectively. Those closest to delivery see emerging problems clearly, but as information moves through layers of governance, it becomes softened or reframed. By the time it reaches senior leaders, it can appear that everything is broadly on track. That is not a coding or a procurement issue. It is a leadership issue.
We regulate banks’ capital buffers. We stress test financial institutions. We plan for systemic shocks in physical and financial infrastructure. Yet the digital systems through which citizens see and access their money are often governed as if they were merely large IT projects rather than elements of national infrastructure.
When transformation is framed, as NS&I’s was, like a set of ‘big bang’ projects rather than inherent to a state’s capacity, risk accumulates. Long-term supplier arrangements reduce flexibility. Departments without deep in-house technical leadership struggle to challenge assumptions or pivot when reality diverges from the plan. Accountability mechanisms focus on whether processes were followed rather than whether systems are resilient in practice. Large programmes promise executives clarity and scale, and detailed plans provide comfort. But when they are consistently delivering results like these, that is cold comfort indeed.
Treating digital resilience instead as critical infrastructure has practical implications. Transformation should be continuous, not episodic. Breaking change into smaller, testable increments reduces the scale of failure and creates faster feedback loops. Departments need stronger in-house digital, commercial and technical leadership, with experienced operators close to decisions about systems that underpin public money. Reliance on single, long-term supplier arrangements should be reduced where possible to increase adaptability and avoid lock-in. Treasury controls and assurance mechanisms should evolve to reward responsiveness and resilience, rather than simply compliance with an original plan.
Sadly, NS&I is not unusual. The Civil Service Pension Scheme is not unusual. These failures are how citizens experience the state’s financial promises. If the state continues applying a broken method of transformation to the architecture of public financial stability, people will increasingly start to wonder if those promises can be kept.
Confidence in public services is shaped by lived experience. And in a digital state, trust is experienced through software. If users cannot log in, if balances display incorrectly, or if online services falter at scale, public trust is easily lost – and not so easily regained.
Ben Terrett is CEO and co-founder of Public Digital, the global digital transformation consultancy that helps governments and organisations design and deliver modern public services. He was formerly director of design at the Government Digital Service.
