Connect with us

Banking

Poor software testing puts banks at high risk of IT failures

Published

on

 Sune Engsig, VP Product at Leapwork

 

IT failures have plagued the banking industry for several years. From the TSB computer systems meltdown in 2018 costing the bank £330m and causing 80,000 customers to switch to a competitor, to Lloyds, Halifax and Bank of Scotland suffering an IT glitch on payday this year with customers’ faster payments and transfers being delayed.

Despite MPs calling for regulators to act, condemning the number of IT failures in the financial services sector as ‘unacceptable,’ the industry continues to let them happen leaving more and more irate customers locked out of their accounts. But with bank branches disappearing fast, customers are now far more reliant on online and mobile banking, so ensuring technology systems function correctly is paramount.  When you consider the complex compliance and regulatory setup of banks and other financial institutions, and the fact that they are dealing with incredibly sensitive customer information, those that do experience outages can face irreversible consequences such as loss of customer loyalty, severe reputational damage and regulatory fines.

A critical step in mitigating IT failures is having effective testing capabilities in place to find and fix any errors before new software is rolled out to market or new IT migrations take place. This lowers the risk of software failures and outages occurring after launch. Yet, 70% of software testers in banking and financial services think it’s acceptable to release software that hasn’t been properly tested, so long as it’s patched later, according to research by Leapwork. Furthermore, only 40% think software failures are a big risk to their company. But when the impact of an IT failure is so severe, why do banks still take risks?

 

Software testing challenges

Despite the swathes of software businesses now rely upon, 85% of software testing is still done manually. When it comes to the banking sector, as these institutions continue to develop new digitised products and services with increasingly sophisticated and customised software, it is clear that manual testing can no longer be the default. It is time-consuming, cannot scale amidst a skills crisis, and leaves companies open to human error.

There is a huge amount of pressure on IT teams to develop and release new software or manage new IT migrations. A critical step on this journey is having effective testing capabilities in place, like test automation, to find and fix any errors and bugs before new software is rolled out to market. This lowers the risk of outages and failures occurring after launch, which can negatively impact a company’s reputation and bottom line.

However, while some organisations recognise the value of automation tools, many continue to rely too heavily on code-dependant tools which, while an improvement on manual testing, are incredibly complicated to use and thus require specific skills and experience to operate. This means they too are impossible to scale, as they often depend upon developer skills.

 

Skills shortage forcing banks to take risks

Ensuring you undertake proper software testing seems like a no-brainer, but 40% of software goes to market without sufficient testing. The reason why; one in five (21%) of banking and financial services testers say ‘lack of available skilled developers.’ As companies transition from manual to automated testing, which typically requires coding skills, the major global developer skills shortage is creating bottlenecks, increasing costs and delaying project delivery times as development teams try to upskill manual testers, hire new talent or lean on existing developers.

As a result of the skills shortage, only 30% of testers in banking and financial services say they’re using some element of automation (i.e., an automation tool or a combination of manual and automation). In fact, 40% of CEOs across all industries think the fact that their company still relies on manual testing is the main reason why software isn’t tested properly, with 58% of testers in banking and financial services saying ‘underinvestment in test automation’ is the reason sufficient testing does not occur.

 

Testing issues not on CEOs’ agenda until too late

Across all sectors, 69% of CEOs think it’s acceptable to release software that hasn’t been properly tested, so long as it’s patched later, but 68% of testers claim their teams spend five to 10 days per year patching software. While nearly all testers express concern that insufficiently tested software is going to market, the overwhelming majority (75%) of CEOs say they’re confident their software is tested regularly. These numbers show a huge disconnect between CEOs and testers indicating that testing issues are falling under the radar and not being escalated until it’s too late.

 

Moving toward an automated future

Banking and financial services have been thought of as slow-moving and lacking innovation in the past. That isn’t the case anymore, as we’ve seen the industry take great strides towards digitalisation in recent years. However, with that digital transformation and integration of software comes outages, the consequences of which mean millions of pounds lost.

UK banks are at high risk of IT failures due to insufficient software testing, and a reliance on manual testing. On the current trajectory, more and more banks will struggle with failures and outages which could cost them a significant amount in financial and reputational damage. To minimise risk, they need to transition from manual to automated testing and explore testing options that don’t require coding skills so it’s easier to hire in talent or upskill existing team members, whether that be testers or everyday business users. Only then can they increase productivity and time to market while decreasing risk and costs.

 

 

Banking

Digital Acceleration – the next buzzword in banking tech? Or a new era for the industry?

Published

on

By

Ove Kreison, CTO at Tuum

McKinsey’s latest report on banking found that traditional banks are spending a whopping 85% of their tech budgets on maintaining legacy solutions, with just 15% going towards building anything new for customers.

Digital transformation’ has been the buzzword in banking technology for years, but the figures suggest there’s still a lot of ‘transforming’ left to be desired. Now we’re beginning to see the term ‘digital acceleration’ come to the fore, what does that mean for the state of banking technology? What is the difference between acceleration and transformation, and what should banks and other financial services players do to remain competitive?

Digital transformation – the second machine age which has taken an age!

The idea of ‘digital transformation’ didn’t come out of the blue. Banking – like most other industries post-WW2 – has been experiencing the ‘second machine age’ for decades, exploring how technology can digitize processes and services to make cost, operational and organisational efficiencies. All the while, this process has also made it far easier for companies to be more competitive with new digital products that are slicker, quicker and more user-friendly.

Banks have benefited from wherever they have had digital transformation to date – but it is the digital transformation of core technology stacks that is having the most impact and making banks realise operational efficiencies while making them nimbler to adapt to changing customer needs and remain relevant and competitive in a highly disrupted market.  Digital transformation to the core gives banks the ability to launch new offerings to market quicker, renovate and modernize business models, leverage and analyse data from multiple systems taking innovation of the more exciting front-end and customer centric offerings to the next level.  Faster speed to market,  highly personalised offerings, more agile, more scalable.

Success and progress to date, however, has been slow. Traditional banks especially are lumbered with highly complex and costly core technology stacks. Digital transformation and upgrading these core stacks still remains a priority, but the next wave of digital acceleration is now an urgent priority on the c-suite agenda to ensure banks compete and survive in a rapidly evolving industry.

Digital Acceleration vs Digital Transformation

Digital transformation at its core takes the existing ways companies have run their business and applies new technologies to digitize them – for example, taking a paper-based application process and making it online.

Digital acceleration is different. Here, digital becomes the very core of the business model, creating further new digital processes. It gives the power to not just make existing processes digital but to reimagine how those processes impact and improve the business. Some of the most forward-thinking banks are already doing this. BBVA, the second biggest bank in Spain, is actively and openly seeking to become a software company in the future and has digital at the heart of its offering. It embraced open innovation and new technologies to better serve its customers – for example, it launched an app-based money transfer offering, Tuyyo, in 2017. It’s also exploring how technologies like blockchain can be used to transform fundamental banking services such as loan origination, with the aim of improving the way it runs its businesses.

Co-Value Creation – Going it Alone isn’t an Option

A core facet of digital acceleration – especially in a highly mature and saturated market like banking – will be how banks, fintechs, enterprises and others collaborate to mobilise these more diverse capabilities and expertise, bringing mutual benefits to all parties.

The pace of technological change is so hypercompetitive to the point now where organisations cannot always sustain their competitive advantage or ‘do it all’. Constantly updating your offering to maintain market share and react to new demands has become a necessity for banks, but it is exhausting. More and more banks and FS providers are realising that the strategic resources and capabilities needed to deliver these innovative services lie outside of their business, and given the fast pace of change, developing everything in-house is unrealistic given the skills gap, time and cost constraints. Moreover, tech advances around integration and APIs mean collaborating with third-party experts has never been easier or more effective to bring capabilities that, combined with their own core offerings and customer data, provide an important competitive advantage and valuable proposition for customers.

One brilliant example of this is ING. Recognising the struggles associated with traditionally manual and paper-intensive trade finance processes, it launched a blockchain-based commodities financing platfrom Komgo in 2018 with a consortium of other banks and corporates like Société Général, Citi, and Mercuria. In an age of hypercompetition – mutually beneficial collaboration is the answer.

Transform, accelerate, create

Ultimately, banks can continue to digitally transform while also looking to digitally accelerate. In fact, the two go hand in hand; in order to reap the benefits and be able to consider platform co-creation and digital acceleration, banks need to transform their tech stacks from the core to have the capability and agility to think beyond the realms of their own core business and their own technology. Those that get it right by driving innovation from the core, are reimagining their business models for the digital age, tapping into new revenue streams and becoming more customer-centric are not only more relevant now but future proofed for digital acceleration of the future.

Continue Reading

Banking

Banking on legacy – The risks posed by ‘stone age’ banking infrastructure

Published

on

By Andreas Wuchner, Angel Investor of Venari Security

 

Introduction

If you consider the most significant motivating factors behind cyber-attacks – the promise of large financial reward and the opportunity to cause maximum business and social disruption – it’s little wonder that banks and financial institutions are amongst the most inviting targets for would-be cyber criminals. In fact, according to IBM’s recent report, ‘banking and finance’ was the most attacked industry for the five years between 2015 and 2020 – surpassed only by threats to critical infrastructure in recent years. Successful attacks can provide aggressors with a mass of sensitive personal and financial information, and even access to people’s money itself. Furthermore, a suspension of withdrawals and deposits can cause huge social disruption and reputational damage. 

As banks have reacted to years of new regulation and emerging technologies, they often operate with a hugely complicated and disparate technology estates. This provides malicious actors with a wealth of potential attack vectors. A small breach from anywhere in this network can have enormous consequences, and lead to entire systems being overrun. As such, it’s crucial that security teams operate with the highest-grade security possible, including ensuring the strongest level of encryption standards. Banks need to look beyond regulatory tick-box commitments and ensure they are taking proactive and preventative steps to monitor and combat malicious attacks across their entire network.

Andreas Wuchner

However, the ability to react to cyber-threats across a vast estate requires speed and flexibility to quickly react and update security protocols. The sheer volume of legacy infrastructure slows this process down considerably leaving many security teams in a vicious cycle. 

 

The threat of legacy infrastructure

A sizeable proportion of the banking industry still maintains a reliance on systems first developed more than 40 years ago. In fact, many ‘core banking’ systems, like payments, loans, mortgages and the associated technologies, are still coded using COBOL (Common Business-Orientated Language), an otherwise defunct programming language that is older than the internet itself. In the UK and Europe, COBOL remains the ‘backbone of banking services,’ while in the USA, as much as 43% of banking systems are built on COBOL, meaning it underpins much of our financial system.

This presents a huge security risk. While code has been regularly updated over the years, these systems were built when security threats were far less sophisticated, less well-financed and the burden of data was far less pronounced. For several years, governments have pointed towards legacy systems, built using COBOL, as a major cybersecurity threat, incompatible with modern security best practices and solutions, including multi-factor authentication. For example, data from Kaspersky found that businesses with outdated technology are much more likely to have suffered a data breach (65%) than those who keep their technology updated (29%).

A further security consideration is the diminishing number of people who are trained in maintaining COBOL systems. Every year, experienced professionals exit the industry, making it increasingly difficult to service legacy technologies and creating significant delays in patching threats once they’re identified. This lack of supply of sufficiently trained experts, and the demand they face, makes any updates extremely expensive and time consuming.

Furthermore, legacy infrastructure is preventing the secure application of encryption, posing its own distinct cybersecurity and regulatory risks. Encryption is often heralded as a silver bullet solution for data privacy and has been a continuing area of focus for regulatory bodies in recent years. However, banks remain guilty of poor deployment, maintenance and management of encryption – using outdated protocols and inefficient methods of analysing and understanding network traffic. This, coupled with legacy ‘core banking’ systems that are incompatible with modern encryption techniques, equates to a regulatory and security headache for security teams.

 

Adopting a new mindset  

The risks posed by legacy systems and the volume of cybersecurity threats facing banks, mean a concentrated re-think of overall cybersecurity strategy is needed to prevent breaches and ensure data is protected long-term. Traditionally, banks have taken an ‘outside-in’ view – dedicating capacity, finances and knowledge to dealing with threats that are existing, known and well publicised. However, to aid long-term security, this should be superseded by an ‘inside-out’ proactive approach, whereby security teams are cognisant of their own internal systems and where the key vulnerabilities are found. Once banks have a detailed view of the security risks posed by their legacy systems, and specifically what data is threatened, they can address flaws, update these systems and build a stronger overall security posture.

 

The secure path ahead

Many of our successful high-street banks today have centuries of experience in dealing with social, economic and regulatory upheaval. However, the rapid development and deployment of technology continues to present a unique challenge. Many ‘traditional’ banks have built a complex technology infrastructure through decades of adjustment to new legislation and emerging technologies. While serviceable in the past, fintech start-ups are pushing the long-term viability of these systems to the limit.

Challenger banks have the luxury of being built from the ground-up, prioritising convenient digital services and features, and modern security processes. As the user base of these banks increase, customers are increasingly expecting these features and security from their existing banks, meaning even more complexity added to legacy infrastructures. As outlined by Deloitte, existing firms simply aren’t positioned to support the rising expectation of the market, exposing banks to additional risk and liability.

What’s more, it’s estimated that banks spend as much as 80% of their yearly IT budgets on the maintenance of legacy systems. While an immediate switch away from these systems is unrealistic, there is an opportunity to reduce wasted spend and divert spend towards modernisation efforts. However, while traditional banks may want to adapt quicker to technological advancements, they need to do so while continuing to minimise cyber risk and without jeopardising the security of their data or systems. This means placing cybersecurity at the heart of any modernisation efforts and maintaining a steady rate of change. As more of the technology estate begins to be modernised, the potential risks of regulatory non-compliance will also reduce.

 

Legacy systems need a considered update

Banking systems have heavily relied on legacy infrastructure for too long now, bringing difficulties in maintaining the highest-grade cybersecurity and in facilitating innovation. The risks presented by novel cybersecurity attack vectors and competition from new and emerging digital services offered by challenger banks are exacerbating these issues. As such, legacy systems need a managed modernisation in the long-term, facilitated in part by a managed redistribution of existing IT spend. However, to ensure long-term security overall, cybersecurity needs to be central to be at the very heart of modernisation efforts.

 

Continue Reading

Magazine

Trending

Finance2 hours ago

Taxing times for online marketplaces? Operators must act now to avoid losing sellers

By Niall Kiernan, Senior Director of Product Marketing, Vertex   In today’s digital landscape, online marketplaces are an enabler for...

Top 1018 hours ago

Five Ways to Save Money in Your 20s

Depending on your background, entering your 20s can be a bit of a precarious time. Among the things you’ll need...

Business18 hours ago

Unlocking the Power of Data: Revolutionising Business Success in the Financial Services Sector

Suki Dhuphar, Head of EMEA, Tamr   The financial services (FS) sector operates within an immensely data-abundant landscape. But it’s...

Top 101 day ago

Hidden sources of FX risk: could your business be exposed?

Running a business can come with great rewards, but it’s not without risk – something businesses in the UK have...

Finance1 day ago

Preventing fraud and detecting money laundering in real-time

Mathew Hobbis – Chief Architect FSI, Solace   The number of payment channels has grown exponentially. The time it takes...

Top 101 day ago

Money where your mouth is: on the need to modernize insurance tech stacks

Tim Hood, VP, EMEA and APAC, Hyland   Once upon a time, starting an insurance company was a predominantly physical...

Business1 day ago

Making the Maths Work: Addressing Inflation Challenges through Measuring and Managing Risk

Matt Clementson, Head of Enterprise UK&I Persistent inflation is highly troublesome for every business – with or without a recession....

News1 day ago

BioCatch Strengthens Collaboration with Microsoft Cloud for Financial Services

Collaboration Delivers End-to-End Intelligent Banking Cloud Platform with Online Fraud Detection Powered by Next-Generation Behavioural Biometrics BioCatch, a global leader...

Business3 days ago

HOW SMALL BUSINESSES CAN FIGHT BACK AGAINST POOR PAYMENT PRACTICES

SMEs across the UK are facing a challenging economic environment and late payments pose a severe challenge to maintaining cash...

Business3 days ago

Less than a year until EMIR Refit: how can firms prepare? 

Leo Labeis, CEO at REGnosys, discusses everything that financial institutions need to know about EMIR Refit and how they can...

Business7 days ago

Enhancing cybersecurity in investment firms as new regulations come into force

Christian Scott, COO/CISO at Gotham Security, an Abacus Group Company   The alternative investment industry is a prime target for...

Technology7 days ago

How to think like an attacker & why it might be critical to your security strategy

Kam Karaji, Global Head of Information Security for Bibby Financial Services, argues at DTX Manchester that the most successful way...

Business7 days ago

Building a sustainable future – what’s on your agenda for 2023?

The most successful and progressive leaders are embracing ESG or Environmental, Social and Governance principles throughout their businesses, but how...

Banking7 days ago

Digital Acceleration – the next buzzword in banking tech? Or a new era for the industry?

Ove Kreison, CTO at Tuum McKinsey’s latest report on banking found that traditional banks are spending a whopping 85% of their...

Business7 days ago

One year until EMIR Refit: how can firms prepare? 

Leo Labeis, CEO at REGnosys, discusses everything that financial institutions need to know about EMIR Refit and how they can...

Business1 week ago

In the Name of the Family! Firms with CEOs under clan culture influence are much more likely to be internationally focused

In an increasingly globalised world, it is incredibly rare that a firm can expect to grow in the long-term unless...

Finance1 week ago

Regulations, RegTech and CBDCs – Fintech’s Next Chapter 

Teresa Cameron, Finance Director at Clear Junction    Over the last decade, the UK has embraced the fintech revolution with...

Business1 week ago

Gearing up for growth amid economic pressure: 10 top tips for maintaining control of IT costs

  By Dirk Martin, CEO and Founder of Serviceware   Three years on from the pandemic and economic pressure is...

News1 week ago

Find Your Tribe With Content Marketing

Ian is the CMO at Spotler Group   Seth Godin, a writer, speaker, marketing expert, and influencer, describes audiences as tribes,...

Finance1 week ago

The formula for success: delivering total experience in financial services

  Monica Hovsepian, Global Industry Strategist, OpenText   The tumult of the last few years has thrown many challenges at...

Trending