Year after year, surveys indicate that supporting business growth is a top priority for banking IT departments. Yet many years on from the global financial crisis that brought much of the world into recession, waves of legislation continue to hit the shores of IT, adding to an already overwhelming workload and threatening its ability to do much more than 'keep the lights on.'
With the parade of data privacy horror stories continuing to mount, and new legislation being introduced as a result, it is clear there is still much to do. So how can the banking industry keep pace with changing regulations whilst remaining on budget?
Micro Focus is a leading provider of innovative software that allows companies to dramatically improve the business value of their enterprise applications through application modernisation, testing and management software.
We spoke to Derek Britton, Director at Micro Focus, to find out how the effective use of technology in the areas of application understanding, software development and test data management can make a huge difference for the IT department in amplifying individual efficiency whilst safeguarding the business.
TechRadar Pro: Why is the banking industry struggling to keep pace with regulatory changes?
Derek Britton: There are a number of reasons why banks are struggling to keep up with regulatory changes. The recent but widespread banking IT failures, in tandem with media amplification of consumer-impacting PPI mis-selling and insider trading, have placed pressure on and created a certain level of distrust in the banking industry.
As a result, legislative and regulatory bodies in Britain, Europe and further afield have needed to continue introducing and revising regulations yearly in a bid to cover a variety of issues including data protection, corporate practice and customer protection.
For example, new compliance measures such as ISO27002, Basel III, FACTA and SEPA amongst others have more recently been put in place to ensure banks are providing customers with the right level of protection. Meeting the expectations of multiple regulations can be extremely challenging, as each has its own, different regulatory priorities, and finding and addressing these regulations on time is a significant IT task.
Moreover, recently reported IT failures in the financial services industry have also been attributed to existing IT infrastructures, implying that the technology is outdated and unable to keep pace with customer expectations, though the cause of error is usually not disclosed. Updating an entire IT infrastructure doesn't happen overnight and therefore careful project planning, which can be costly, has added delays to meeting regulatory deadlines.
TRP: Why can't banks just 'rip and replace' outdated infrastructures – it seems an obvious decision to make?
DB: Many banks' IT estates comprise a vast array of complex, interrelated systems and platforms, often encompassing significant mainframe applications, containing decades of business intelligence in millions of lines of code. The cost of supporting such infrastructures is significant, and has not always kept pace with requirements.
According to research by Vanson Bourne, 590 global CIOs and IT directors estimate it would take an average of $11 million (around £7.2 million, AU$14 million) to update their mainframe applications. However, with valuable business intellectual property held in these applications, respondents to the survey expect their organisations to continue relying on mainframe applications for another ten years, with almost a third (32%) believing the timeframe to be longer than this.
Due to mounting IT maintenance backlog, the majority of respondents (81%) find it difficult to justify the expense of updating core applications and only 10% confirmed they are always successful in their justification. As banks may not be replacing or updating their IT infrastructures regularly, they are struggling to keep pace with the changing regulation landscape and as a result, 51% of CIOs surveyed admitted their business is exposed to compliance and risk issues.
Updating any long-standing core applications to ensure compliance has its own related challenges. This may include missing code documentation, concerns over internal resourcing, and data privacy risks. These challenges have led to a melting pot of complexity that has seen banks increase spend simply to 'keep the IT maintenance lights on.' JP Morgan recently announced that in order to support compliance demands it had grown its IT spend by 27% since 2011.
However, whilst the cost of updating such systems seems high, it is far more costly and prohibitively risky to rip out these systems and replace them with something else. In order to best support compliance requirements, banks need to consider a modernisation strategy that helps them to continually but gradually change and update their core business applications through software development and testing to keep up with business demands.
TRP: Why should banks go beyond 'keeping the lights on?'
DB: Spending on basic IT maintenance backlog and compliance does not move the business forward, yet it consumes the overriding majority of IT budget. Customers are demanding more business functionality, covering innovative technology such as cloud, mobile and new IT architecture. This new generation of customer is forcing banks to look hard at their IT strategy and how to reduce expenditure on maintenance so that they can invest in innovation.
However, minimising IT compliance spend can be difficult. The legal imperatives and regulations facing the banking world today are accompanied by unmovable deadlines and threats of punitive measures. HSBC, for example, was forced to pay a $1.9 billion (around £1.25 billion, AU$2.4 billion) anti-money laundering fine last year. With deadlines usually locked and loaded, associated projects become high priority "must-haves" and budget "must-spends."
TRP: What IT development challenges do banks come across when attempting to meet regulatory deadlines?
DB: A lack of visibility into the applications, testing and coding can all add to the complexity of updating applications.
Understanding where to make changes can prove difficult, especially when up-to-date application documentation is missing. This impacts on how quickly in-house or outsourced developers are able to identify specific areas of code impacted by the compliance change. In-house regulations such as coding guidelines, standards adherence and quality metrics, and 'routine' change projects, are equally and arduously resource intensive.
The process of testing applications must also be carefully handled to avoid introducing new IT failures and breaching existing regulations. Testing can risk divulging personal employee information: a key element in de-risking IT to comply with new regulations is ensuring that applications are released and updated without the introduction of errors.
Whilst this is fairly well understood in the industry, many do not understand the fact that using production data to test those applications is a bad idea. A 2009 survey of over 1,300 US and UK development professionals revealed an overwhelming majority of respondents, including 80% of US respondents, use copies of production data for application testing purposes.
Test data can contain sensitive customer data, including passwords, which if pulled from company personnel for testing requirements, can place banks in non-compliance territory. Personal data leaked through a testing process not only breaches best practices but can represent a very high-profile failure in terms of regulatory compliance.
As the bare necessity, developers must rely on the code itself to help them understand where to make their changes. As many core banking applications were written in COBOL thirty or more years ago, the original authors may have long since moved on, taking the coding knowledge of the application with them.
TRP: How can a modernisation strategy improve compliance?
DB: IT leaders need a modernisation approach to compliance that will drive efficiencies and reduce cost in order to future-proof the banking industry. IT automation and application portfolio management to improve efficiency will be key.
Using automation technology can create repeatable, effective steps for updating software when faced with the above challenges. In doing so, banks are able to create a balance between 'lights on' and innovation projects, enabling development staff to focus their efforts more efficiently, while fully understanding and managing the impact of the changes they make.
Through automated application understanding, software development and test data software, banks can find the right code and then fix and test it quickly and efficiently, without exposing sensitive employee information and introducing new risks. Additionally, this more efficient approach can help to keep costs low by updating on a case-by-case basis rather than ripping and replacing all applications.
Intelligent application portfolio management technology has been used to great effect on mass change programmes forming the backbone of many organisations' maintenance activities, including handling the change requests emerging from mandatory regulation.
This technology helps business analysts to work with developers to identify and isolate impacted sections of the application portfolio and provide a 'single source of truth' for all stakeholders, regardless of role or function. This increased insight impacts positively on risk and productivity, which can be scaled up to support more strategic IT planning and portfolio management initiatives too.
Help in finding where to make changes is also critical. Intelligent application portfolio management solutions can provide developers with a 'to-do' list, focusing them on impacted areas and dramatically reducing the learning curve associated with unfamiliar code. From there, the right technology enables developers to get the job done quickly and accurately, avoiding re-work and high-profile system failure.
Developers then need to effectively test data, including protecting sensitive data through various forms of automated masking. By doing so, they can continue to adhere to rigorous privacy regulations and remove the risk of personal information falling into the wrong hands when company property is stolen or mislaid.
Some organisations go even further, using those same tools to reduce the size of their datasets while keeping full referential integrity. By using smaller, more precise, and secure test datasets, organisations can run their testing lifecycle in a shorter time, at a higher quality and with a lower cost.
TRP: Do you have any final thoughts?
DB: Banks can adapt their technological approach to regulatory changes in order to reduce the complexities faced in servicing the needs of the compliance officer, while satisfying the business innovation agenda.
By introducing appropriate technology, organisations can get ahead of the game – not just of compliance, but of their entire 'lights on' burden. This enables IT decision makers to support the business growth the company needs and which IT can deliver.
from TechRadar: All latest feeds http://ift.tt/1xAuO7Q