UAE Bank. IBM audit closed through sub capacity defense.

A UAE bank closed an IBM audit that opened at full capacity PVU across its production and disaster recovery estate. ILMT remediation and sub capacity defense did the work.

Why did IBM audit the UAE bank?

IBM audited the bank because a growing virtualized estate, fragmented ILMT coverage, and a large disaster recovery footprint made the account a high yield audit target. The estate spanned Db2, WebSphere, MQ, and Cognos across Middle East operations.

Banking estates carry a structural audit multiplier: regulators require standing DR capacity, and auditors read every DR host as licensable unless the customer proves otherwise.

• Audit profile: virtualization growth without matching ILMT discipline.
• Claim anchor: full capacity PVU across production and DR clusters.
• Sensitivity: audit timing pressed against a regulatory change program.

How did disaster recovery inflate the IBM claim?

The auditor counted standby DR hosts as fully licensable, which alone carried a large share of the opening claim. IBM's licensing rules distinguish cold, warm, and hot standby, and the distinctions decide whether a DR core bills at zero or at full PVU.

What evidence reclassified the DR estate?

Failover runbooks, replication configurations, and hypervisor logs proved most DR hosts sat cold or warm. The reclassification removed the largest single block of the opening claim before the PVU arithmetic was even contested.

How was the audit claim defended and closed?

The defense ran the standard sequence: stabilize ILMT, rebuild the deployment baseline from hypervisor data, consolidate Passport Advantage entitlements, and contest the full capacity default as a curable reporting gap rather than a license breach.

1. Remediate ILMT coverage across every host running IBM software.
2. Classify each DR host with documentary evidence of its standby mode.
3. Reconstruct sub capacity high water marks from hypervisor logs.
4. Net the corrected deployment against the consolidated entitlement baseline.
5. Negotiate closure on the residual gap with a forward compliance plan.

How long did the audit take to close?

The defended timeline ran under a year from notice to settlement. Control of the data flow, agreed scope, and a single negotiation channel kept the process inside the bank's regulatory calendar rather than the auditor's.

What was the commercial outcome for the bank?

The audit closed at a small fraction of the opening claim, with sub capacity eligibility restored and documented going forward. The bank avoided retroactive full capacity fees and declined the enterprise bundle positioned as a settlement vehicle.

• Claim reduction: the settled figure landed far below the opening position.
• DR posture: standby classifications are now documented as a standing control.
• Governance: quarterly ILMT reporting with named ownership survived the audit.

What should regulated IBM customers do differently?

Document the DR estate before anyone asks. A classification file maintained alongside the failover runbook costs little and removes the audit multiplier that regulated industries otherwise hand the publisher.

Where the common advice on IBM audits in banking is wrong

The standard advice tells regulated customers to settle IBM audits quickly and quietly, because a drawn out dispute invites regulatory attention. We disagree. In roughly 20 to 30 IBM engagements Fredrik Filipsson advised in 2024 to 2025, the banks that defended on evidence closed faster than the ones that rushed to pay, because a documented DR classification and a clean ILMT baseline collapse the claim instead of negotiating it. Speed comes from facts, not from concession. The buyer side move is to invest the first sixty days in the deployment record and let the evidence set the settlement pace.

What the engagement data shows

Three cuts of our advisory engagement file frame the size of the opportunity.

What to do next

Five moves turn this analysis into a lower invoice on the next renewal.

A sequence you can run this quarter

1. Classify every DR host as cold, warm, or hot with documentary evidence.
2. Verify ILMT coverage across production and DR environments alike.
3. Archive quarterly ILMT reports with named ownership.
4. Consolidate Passport Advantage entitlements into one baseline.
5. Rehearse the audit response sequence before any notice arrives.
6. Keep settlement and renewal negotiations in separate channels.

White Paper · IBM

Defend an IBM Audit: The Full Buyer Side Playbook

Defend an IBM audit end to end: triage the claim, fix ILMT gaps, sample sub capacity, and turn a bad finding into a renewal you control. Read it free.

Read the white paper

Frequently asked questions

What made the IBM audit claim against the UAE bank so large?

Full capacity PVU counting from ILMT gaps plus DR hosts treated as fully licensable. The two multipliers stacked, and together they drove most of the opening claim value.

Are disaster recovery servers licensable under IBM rules?

It depends on standby mode. Cold standby is generally not licensable, warm standby is licensable under specific conditions, and hot standby bills in full. Auditors default everything to hot unless evidence says otherwise.

How was the bank's sub capacity position restored?

Through ILMT remediation and hypervisor log reconstruction that evidenced actual virtual core allocation, presented as a curable reporting gap rather than a contractual breach.

Did the bank sign a larger IBM agreement to settle the audit?

No. The audit closed as a standalone settlement, and the bank kept its renewal calendar and negotiation leverage intact.

How can banks reduce IBM audit risk before a notice arrives?

Maintain ILMT discipline, document DR classifications alongside failover runbooks, and keep a consolidated entitlement baseline. Those three controls remove the multipliers audit claims rely on.