Year after year, surveys indicate that supporting business growth is a top priority for banking IT departments. Yet many years on from the global financial crisis that brought much of the world into recession, waves of legislation continue to hit the shores of IT, adding to an already overwhelming workload and threatening its ability to do much more than 'keep the lights on.'
With the parade of data privacy horror stories continuing to mount, and as a result new legislations introduced, it is clear there is still much to do. So how can the banking industry keep pace with changing regulations whilst remaining on budget?
Micro Focus is a leading provider of innovative software that allows companies to dramatically improve the business value of their enterprise applications through application modernisation, testing and management software.
We spoke to Derek Britton, Director at Micro Focus, to find out how the effective use of technology in the areas of application understanding, software development and test data management can make a huge difference for the IT department in amplifying individual efficiency whilst safeguarding the business.
TechRadar Pro: Why is the banking industry struggling to keep pace with regulatory changes?
Derek Britton: There are a number of reasons why banks are struggling to keep up with regulatory changes. The recent but widespread banking IT failures, in tandem with media amplification of consumer-impacting PPI mis-selling and insider trading has placed pressure on and created a certain level of distrust in the banking industry.
As a result, legislative and regulatory bodies in Britain, Europe and further afield have needed to continue introducing and revising regulations yearly in a bid to cover a variety of issues including data protection, corporate practice and customer protection.
For example, new compliance measures such as ISO27002, Basel III, FACTA and SEPA amongst others have more recently been put in place to ensure banks are providing customers with the right level of protection. Meeting the expectations of multiple regulations can be extremely challenging, as each has their own and different regulatory priorities, and finding and addressing these regulations on time is a significant IT task.
Moreover, recently reported IT failures in the financial services industry have also been attributed to existing IT infrastructures, implying that the technology is outdated and unable to keep pace with customer expectations, though the cause of error is usually not disclosed. Updating an entire IT infrastructure doesn't happen overnight and therefore careful project planning, which can be costly, has added delays to meeting regulatory deadlines.
TRP: Why can't banks just 'rip and replace' outdated infrastructures – it seems an obvious decision to make?
DB: Many banks' IT estates comprise a vast array of complex, interrelated systems and platforms, often encompassing significant mainframe applications, containing decades of business intelligence in millions of lines of code. The cost of supporting such infrastructures is significant, and has not always kept pace with requirements.
According to research by Vanson Bourne, 590 global CIOs and IT directors estimate it would take an average of $11 million (around £7.2 million, AU$14 million) to update their mainframe applications. However, with valuable business intellectual property held in these applications, respondents to the survey expect their organisations to continue relying on mainframe applications for another ten years, with almost a third (32%) believing the timeframe to be longer than this.
Due to mounting IT maintenance backlog, the majority of respondents (81%) find it difficult justifying the expense of updating core applications and only 10% confirmed they are always successful in their justification. As banks may not be replacing or updating their IT infrastructures regularly, they are struggling to keep pace with the changing regulation landscape and as a result, 51% of CIOs surveyed admitted their business is exposed to compliance and risk issues.