National Savings and Investments has long occupied a unique position in British financial life. Backed by HM Treasury, trusted by more than 24 million customers and best known for its Premium Bonds, NS&I has traded on something most institutions would envy – the implicit guarantee that your money is not just safe, but sovereign. That guarantee now looks badly tarnished.
On 26 March 2026, Pensions Minister Torsten Bell addressed the House of Commons to confirm that NS&I had failed to trace accounts belonging to deceased customers on a systematic basis, leaving around 37,500 savers’ estates affected and up to £476 million in deposits unaccounted for[1]. The scale of the failure is extraordinary. Bereaved families had been denied Premium Bond winnings, left waiting months or years for transfers to be processed and, in some cases, forced to hire solicitors simply to recover money that was rightfully theirs[2]. According to Bell, approximately three quarters of the cases relate to the period between 2008 and 2025[1]. NS&I’s chief executive, Dax Harkins, was dismissed the same morning[3].
How data management failures compound grief
The human dimension of this scandal is what makes it so deeply troubling. When a loved one dies, their family faces the emotionally exhausting task of locating, valuing and closing financial accounts – often whilst managing probate, tax obligations and the practicalities of a funeral. The implicit expectation is that the institutions holding those assets will cooperate fully and promptly. NS&I failed at precisely this point.
Reports have emerged of families receiving letters addressed to deceased relatives, compounding their distress[4]. In one case reported by The Telegraph, NS&I failed to inform the daughter of a deceased saver about bonds her mother had owned, and appeared to lose track of £2,000 in Premium Bonds the daughter herself held[5]. In another, a family was forced to spend three years and £20,000 in legal fees to recover missing funds after the bank lost track of two accounts linked to an investment portfolio – an error that also caused the estate to be incorrectly valued for inheritance tax purposes[4].
These are not abstract data quality issues. They are failures that cause real financial harm and immeasurable emotional distress to people at their most vulnerable. They are also failures that, in most cases, stem from the same root cause: Inadequate data governance, poor record-keeping and fragmented systems that cannot reliably link an individual to the accounts they hold. For any organisation managing sensitive personal or financial records – whether a bank, a pension fund, an insurer or a local authority – the NS&I scandal is a case study in what happens when data management is treated as a back-office afterthought rather than a strategic priority.
Project Rainbow and the perils of botched modernisation
The bereavement failures did not emerge in isolation. They are inextricable from NS&I’s troubled digital transformation programme, originally dubbed Project Rainbow, which launched in 2020 with the aim of modernising the bank’s operations and replacing its long-standing outsourcing relationship with Atos[6]. By any measure, that programme has been a catastrophe. Costs have ballooned to an estimated £3 billion, the timeline has slipped by years and the Public Accounts Committee branded the entire initiative a “full-spectrum disaster” in a damning report published in February 2026[6].
The PAC’s findings paint a picture of an organisation that lacked the internal expertise to manage a complex transformation, spent £43 million on consultants without clear accountability and cultivated a “good news” culture that suppressed honest assessments of progress[6]. The core banking engine replacement – the most critical element of the programme – had not yet meaningfully begun. Meanwhile, Atos, NS&I’s previous outsourced operations provider, was itself in financial distress during 2024, adding another layer of instability to an already precarious situation[7].
This is a pattern that will be grimly familiar to anyone who has worked on or around large-scale data migration and system modernisation projects. When legacy systems are deeply entangled with day-to-day operations, attempting to replace them without robust data governance, meticulous planning and genuine internal capability is a recipe for precisely the kind of failures NS&I has experienced. Records fall between systems. Processes that relied on institutional knowledge break down when outsourced or automated without adequate mapping. Customer data that was once retrievable – if imperfectly managed – becomes genuinely lost.
At Dajon Data Management, we see the consequences of poorly planned data migrations regularly. Organisations across financial services, pensions, insurance and the public sector frequently discover that their legacy records are incomplete, inconsistently structured or stored in formats that resist straightforward transfer to modern platforms. The difference between a successful migration and a costly disaster often comes down to the preparatory work: Thorough data auditing, cleansing, reconciliation and the creation of robust governance frameworks before a single record is moved. NS&I’s experience demonstrates what happens when that groundwork is skipped or underestimated.
Data governance is not optional in regulated industries
The NS&I scandal carries implications well beyond the savings bank itself. Any organisation that holds records relating to deceased individuals – pension schemes, insurers, banks, solicitors, local authorities – faces the same fundamental challenge: Ensuring that data remains accurate, accessible and properly linked to the right individuals across the full lifecycle of a customer relationship, including after death.
This is a challenge that intensifies as organisations digitise. Paper records, for all their limitations, have a physical presence that resists being silently lost. Digital records, by contrast, can become orphaned, mislabelled or disconnected from their context with remarkable ease – particularly during system migrations, platform changes or the transition from one outsourced provider to another. The NS&I case illustrates this vividly: Atos, which handled bereavement cases until 2025, has committed to cooperating with the remediation effort[1], but the damage was done during a period when responsibilities were being transferred and systems were in flux.
For regulated organisations, the lesson is clear. Data governance cannot be an afterthought bolted onto a modernisation programme. It must be the foundation on which transformation is built. That means investing in proper data auditing before migration, maintaining clear chains of custody as records move between systems and providers, implementing automated reconciliation processes to catch discrepancies early and ensuring that bereavement and succession processes are designed with the same rigour as customer onboarding.
At Dajon, our work with regulated organisations across financial services, pensions and insurance is built on precisely this principle. From digitising legacy paper archives and ensuring every record is accurately indexed and retrievable, to designing data governance frameworks that maintain integrity through system transitions, we help organisations avoid the kind of failures that have brought NS&I to its knees. Sound data management is not glamorous, but when 37,500 bereaved families are left waiting for money that should never have gone missing, its absence is impossible to ignore.
Trust, once broken
Bell confirmed in his Commons statement that the affected deposits remain safe and that reuniting families with their money does not represent an additional liability to the taxpayer[1]. NS&I has been asked to publish a detailed remediation plan in May, and Sir Jim Harra has been appointed as interim chief executive to lead the recovery[3]. Compensation, where appropriate, will be paid – and critically, the minister confirmed that the onus will be on NS&I to identify and contact affected estates, rather than requiring bereaved families to navigate the process themselves[8].
These are welcome steps. But the deeper damage – to public trust in a state-backed institution, and to the families who spent years fighting for money that should have been straightforwardly returned – cannot be undone by a change of leadership alone. As Zoe Gillespie of RBC Brewin Dolphin observed, NS&I needs to “get on the front foot” to restore confidence among savers and investors[5].
The NS&I scandal is, at its core, a data management failure. Not a cyber attack, not a fraud, not a market crash – a failure to keep track of who owns what, and to ensure that information remained accurate and accessible as systems changed around it. For any organisation holding sensitive records – whether financial, legal, medical or personal – it is a reminder that the unsexy work of data governance, record-keeping and migration planning is not a cost to be minimised. It is the infrastructure on which trust itself depends.
References
- NS&I to pay out millions to bereaved families after ‘operational failure’ MoneyWeek[↩][↩][↩][↩]
- NS&I compensation: Taxpayers could be forced to bail out Premium Bonds bank GB News[↩]
- NS&I boss sacked over £400m savings scandal LBC[↩][↩]
- NS&I compensation: National Savings could be forced to pay out hundreds of millions GB News[↩][↩]
- NS&I ‘set to pay £400 million’ to Premium Bonds holders ‘over failings’ Surrey Live[↩][↩]
- Government bank digital project a ‘full-spectrum disaster’ Computer Weekly[↩][↩][↩]
- NS&I digital modernisation effort ‘a full-spectrum disaster’, says PAC UKAuthority[↩]
- NS&I alert: Premium Bond holders given compensation update GB News[↩]