A lot of very old IT infrastructure underpins the banking system
By Feng Li, City University London
A KPMG report warned last year that the next systemic shock to UK banking could come from an as yet unforeseen event, such as a massive payment outage or a cyber attack. Since the IT systems in most banks are complex and some essential parts of these systems are very old, a system outage is almost inevitable. The IT systems that hold up our every financial move are a disaster waiting to happen.
A few days to disaster
In the summer of 2012, a routine software update in India caused an IT meltdown at the Royal Bank of Scotland. As a result, 17 million customers were locked out of their accounts for days. This was followed by a hardware failure in March 2013 that prevented millions of customers from accessing online services and ATMs for hours. While the bank is still under investigation by the Financial Conduct Authority over these incidents, it suffered a third embarrassing system outage on the busiest online shopping day before Christmas last year, followed by yet another IT failure a few days later.
Catastrophic IT failures such as these can lead to financial chaos, create financial hardship for both businesses and families and, if not quickly addressed, may even lead to social breakdowns. If employers are unable to pay employees and people are unable to pay their rents, buy their groceries and medicine or pay for their transport, utilities and credit card bills, social unrest may ensue.
Due to the enormous number of transactions that take place every day in the financial sector, a major bank only has a matter of days to recover after suffering a catastrophic IT failure. If it fails, the backlog of financial transactions would simply become unmanageable, and the bank would be overwhelmed. This is of course an Armageddon scenario, but it is highly probable given that some of the core IT systems used by all UK banks were developed in the 1960s and 70s. We should be prepared for more problems like this to strike in the coming years.
IT legacy systems in UK banking
The term “legacy” in IT describes software applications, operating systems and occasionally hardware and network infrastructure developed and implemented before the early 1990s. Legacy IT systems form the core of a daily processing cycle in UK banking, much of which is still overnight batch-based processing rather than in real time, despite significant technological advances in recent years.
These systems have been at the very core of payments transmission, bank transaction processing and account maintenance and management for more than 40 years. They were initially designed in the 1960s to automate branch accounting, and by the 1970s and 1980s the range of software applications expanded to help banks improve services, reduce costs and speed up transaction and payment processing. Many of these systems remain in operational use today.
New wine in old wineskin
Despite significant annual IT investment by most banks (from hundreds of millions of pounds to multi-billion-pound investments), almost 80% of that investment goes towards maintaining and improving the existing core applications base – including legacy systems. The remaining 20% has historically been devoted to a range of short-term and medium-term IT developments.
Typically, more than half of that 20% is spent on projects that either meet a immediate product or service demand or are needed to respond to new regulatory reporting requirements.
That leaves just 8-9% for medium-term – and occasionally long-term – strategic programmes. To match the astonishing speed of IT development, this level of investment is pitifully inadequate. The impact is most noticeable where game-changing technologies are applied, and is particularly pronounced in retail banking where consumer expectations are changing rapidly. For example, people increasingly expect to have access to a range of banking services not only via their PCs but also via their mobile devices.
For many UK banks the only practical response is to use the legacy systems as a launch pad for new applications. The front-end applications are newly developed but all the back-end processing remains within the legacy system.
Unwilling to change
For most senior banking executives, IT is viewed as a cost. The pressure to reduce cost has led to an increasing dependence on IT outsourcing and offshoring over the past 20 years. Often this process means that systems fail to meet client expectations and many of these projects are questionable in terms of return on investment.
Still worse, IT is often viewed by senior executives as a “basket case”, plagued with missed project deadlines, budget busting overspends and an astonishing track record of project failure. This has often led to an unforgiving bias towards IT which militates against long term investment.
One result is a pronounced lack of economic will by senior executives to sponsor – or even be seen sponsoring – strategic IT initiatives. This is further exacerbated by the short tenure for key executives and CIOs in major banks and frequent structural and personnel upheaval. The outcome is a lack of credible medium to long-term strategic planning for IT in most banks.
The likelihood for any UK banks to overcome the legacy IT degenerative problem at an individual level is very slim. Even some of the new entrants to the market have decided to use licensed IT systems which are essentially legacy applications.
Senior leaders from UK banks need to get together urgently to systematically explore the challenges and opportunities associated with upgrading the IT infrastructure for UK banking. This is not an issue for the IT professionals alone. It is a strategic issue that calls for the full involvement of senior business executives. The alternative is to continue to bury our heads in the sand, waiting for the next inevitable disaster to strike.
Ian Marshall, senior advisor to Sopra Group Financial Services, also contributed to this article.
The views expressed in this article are those of the author and not of Cass Business School.
This article was originally published at The Conversation.
Read the original article.