Technological shortcomings continue to haunt the banking sector

An unstable legacy
Large financial institutions are perfect targets for hackers. Not only do they safeguard a vast store of private data and sensitive financial information, but they are often furnished with ageing IT infrastructure. Igor Pejic, Head of Marketing at BNP Paribas’ personal finance arm in Austria and author of Blockchain Babel , a new guide to distributed ledger technology, told World Finance that some banks’ legacy core systems date back to the 1950s and 60s when the technology was first developed. “Legacy systems are the major point of IT failure,” Pejic said.

But when it comes to maintaining systems, programmers who use COBOL are most likely to be between 45 and 55 years old, Reuters found, whereas younger coders use programming languages such as JavaScript and Python, both of which were developed in the 1990s. This means that within a decade, COBOL expertise could be very difficult to come by.

The matter is further complicated by the fact that many banks have created a patchwork system, with layer upon layer of newer tech built on top of ageing core systems. These irregular structures are now often the culprits behind banking outages, as it is very difficult for new IT recruits to follow decades’ worth of complex workarounds unless in-depth knowledge is passed on.

This all creates technical debt, a concept in software development that reflects the additional cost of work caused by taking an easy route instead of a longer-term approach that might be more expensive upfront. When companies take shortcuts, they accumulate technical debt. According to Pejic, this results in more problems in the long run: “The more subtle complexity you have, the more possible bugs or glitches you can have. Eventually [these shortcuts] will end up causing more likely IT failures or… vulnerabilities to hackers.”

Rising to the challenge
Challenger banks have been making headway in the industry since the time of the global financial crisis because of their groundbreaking, tech-led strategies and personalised approach. A 2019 Fraedom survey of banking decision-makers in the US and UK found that nearly half of all respondents thought the biggest barrier to the growth of commercial banks was legacy systems. In response to the rise of nimble and innovative challenger banks, 44 percent expected their organisation to invest heavily in updating legacy systems.

But updating the technology at the core of our financial institutions is even more complicated than maintaining legacy systems. According to the FCA, many of the UK’s tech outages in 2018 were caused by replatforming failures. Pejic compared it to changing a jet engine while in flight: “You cannot just switch it from one day to the other.”

Any move away from legacy systems will create technological issues, including outages. Jones told World Finance : “The outages are… a symptom of a general drive within the industry to innovate, reduce costs, transform digitally (including the move away from legacy systems) and the break-up of banks.”

Some companies do manage to pull off these impressive feats of computer programming: Ant Financial, a subsidiary of China’s Alibaba, is just 14 years old, and already it is on its fifth generation of IT infrastructure. Unfortunately, many financial institutions are not so proactive. Following its study, Accenture said “legacy stasis” is deeply embedded in banks’ boardrooms. Though executives know the pace of technological change is only accelerating, they see the modernisation of systems as being “overly complex, expensive and unacceptably risky”.

It typically takes a “cataclysmic event, like a full-blown outage” to catalyse change, the Accenture report said. “By then, of course, irreparable damage may well have been done.”

A seat at the table
Institutions that want to match Ant Financial’s pace of technological change should employ someone at board level who understands the bank’s IT infrastructure and the current technological environment, such as a chief digitalisation or chief data officer.
“Unless the legacy system is understood fully – with all of its bolt-ons – it’s very difficult to do a lift and shift from a legacy system to a new one. So, transition challenges are really in change management, the system’s features and strategy management,” Jones told World Finance .

According to the FCA’s Megan Butler, who spoke in London last year about tech outages, banks are struggling to recruit the right skills at the top level. “Historically, and for most of my career in this industry, the rock stars of finance were always the alpha traders,” she said at the time. “Today, it’s the CIOs and IT consultants who are in high demand and short supply… meaning the best are difficult to employ and hard to retain.”

At a time when cyberattacks are getting more structured and coordinated, it is clear just how important it is for banks to have the right protections in place. Migrating core systems may be daunting, but it is necessary. At the moment, Jones sees outages as inevitable due to the sector-wide shift towards online products and offerings. “As a matter of fact, we’ve probably not seen the worst of it yet,” he said. The FCA also said it sees “no immediate end in sight to the escalation in tech and cyber incidents”.

Despite this, outages are becoming more concerning due to the criticality of banking services. Banks big and small will be faced with continual challenges as the tech landscape evolves, but as Pejic’s jet engine metaphor makes clear, moving away from legacy systems will be as complicated as it is essential.

Going forward, it appears inevitable that consumers will continue experiencing outages as the industry modernises. Therefore, the banks that recover the quickest and do the most to protect consumer data and security will be the ones to come out on top.