Legacy IT: the challenges faced by banks
With banks increasingly under pressure from regulation and new entrants to the market, their IT systems may not at first glance appear to be a… Read more
With banks increasingly under pressure from regulation and new entrants to the market, their IT systems may not at first glance appear to be a primary concern. However, the problems posed by aging legacy IT estates can have a big impact on a bank’s ability to meet its regulatory requirements and continue to provide a high standard of service.
The Bank of Ireland (which currently spends €400 million a year on IT) and Harrods Bank are among the latest institutions to have announced further plans to replace their legacy IT systems.[1] Such programmes are expensive and can carry significant risks, often being likened to attempts to rebuild an aeroplane mid-flight.
In this short article, we consider the challenges posed by banks’ legacy IT systems and some of the options for addressing them.
The challenges
As new systems and applications are bolted on to an aging system, the complexity of operating and maintaining those systems increases. The following are some of the risks that follow from this increased complexity and outdated technology:
- Downtime: With greater complexity comes an increased risk of downtime which not only causes issues for existing customers, but can lead to regulatory fines and reputational damage. In recent years, there have been a number of high profile incidents where regulators have fined UK retail banks as a result of IT failures that prevented customers from accessing funds or caused payments to be missed.
- Staff: As legacy systems age, so do the staff who understand how they operate. As these staff retire, it is increasingly difficult for banks to train new staff in how to operate the outdated technology.
- Customer risk: Disparate legacy systems make it more difficult for banks to assess and price risk. Challenger banks with new IT systems can track customer profiles more easily and are better able to assess risk and identify sales opportunities.
- Systemic risk: The regulatory requirements on banks have dramatically changed over the lifetime of banking legacy IT. Banks must now assess risks in many different forms both locally and bank-wide. Legacy systems were not designed to meet the current regulatory requirements, and so this analysis must be done manually.
- Cost: The above all leads to increased costs, both for maintaining the existing hardware and pool of staff on the one hand, and integration and development costs on the other hand for any new technology that the bank requires.
- Innovation and business change: Increased costs and complexity make innovation all the more difficult. This means banks are slow to market with innovations and may be missing growth opportunities thrown up by recent fintech developments. Even the CMA has begun imposing technological remedies, with the requirement for retail banks to introduce open APIs by early 2018 (see our article here for more information on the CMA’s report).
“Bank in a box”
Building a new core banking platform from scratch can be incredibly expensive, and of course there is the risk of downtime from teething troubles as systems are switched over. The “bank in a box” approach may, therefore be an appealing alternative, where providers can offer a tried and tested platform (often hosted in the cloud).
For challenger banks, a core banking platform provided as a “bank in a box” over the cloud is a logical first step, but equally established banks like the Bank of Ireland are looking to replace legacy systems with cloud services.
The key benefit of outsourcing systems to a third party cloud provider is typically seen to be the cost. However, for a bank struggling with legacy IT systems, the operational benefits of moving to a cloud arrangement may be equally attractive as the provider is responsible for maintenance and may also offer further releases building on fixes and enhanced developed from working with its other customers.
However, banks will need to be comfortable that if they are purchasing a package from a single vendor, that the vendor in question has sufficient expertise and quality in all areas. If not, then an alternative multi-vendor model may reintroduce complexity as the customer bank will need to carefully consider how it wishes to manage roles and responsibilities across the different vendors.
In addition, the customer banks must be confident in the strength of the box’s walls, and be able to demonstrate to the regulator that systems, data and personnel are sufficiently segregated and secure.
The regulators’ view
The FCA has traditionally been sceptical of the suitability of third party cloud services for core functions (see our article here for more information on the FCA’s latest guidance), but as the market develops banks may increasingly look to move certain elements of their IT systems to a cloud provider.
Of course, any outsourcing involving core systems will be subject to regulatory scrutiny. Indeed, the FCA has recently given Aviva an £8.2 million fine, in the first Client Assets Sourcebook (CASS) case in relation to oversight failures of outsourcing arrangements.
Bank as venture capitalist
In the meantime, the larger banks are in some cases acting as quasi-venture capitalists by purchasing fledgling fintech companies and operating start-up accelerators. This approach has the advantage of preserving the manoeuvrability and rapid development of start-ups without necessarily having to worry from the start about integrating their product with the bank’s existing platform whilst at the same time giving the bank access to innovation and a pool of talent.
This approach is starting to bear fruit for blockchain technologies, where UBS is leading a consortium of banks to develop a system for making payments and settling transactions quickly, reliably and with a clear audit trail.[2] This follows on from UBS’s work with London fintechs as part of its “innovation lab”.[3]
Leaving a legacy
New technologies such as blockchain promise a bright future for the fintech sector, but they are unlikely to remove the need for banks to address the issues posed by their legacy IT. Banks will need to carefully balance risk mitigation with innovation and customer service, and there will be a point for each institution at which the benefits of moving to a new core banking platform outweigh the risks of adding incrementally to their existing IT estate.
Share this blog
Chris Hill is a commercial technology partner and the fintech lead
Share this Blog
- Adtech & martech
- Agile
- Artificial intelligence
- EBA outsourcing
- Brexit
- Cloud computing
- Complex & sensitive investigations
- Connectivity
- Cryptocurrencies & blockchain
- Cybersecurity
- Data analytics & big data
- Data breaches
- Data rights
- Digital commerce
- Digital content risk
- Digital health
- Digital media
- Digital infrastructure & telecoms
- Emerging businesses
- Financial services
- Fintech
- Gambling
- GDPR
- KLick DPO
- KLick Trade Mark
- Open banking
- Retail
- SMCR
- Software & services
- Sourcing
- Travel