By Anandh Maistry, Managing Partner, Banking & Insurance, Kyndryl ANZ
Australian financial services companies have begun a huge digital transformation in recent years. Big players are reporting an increase in app usage of more than 50% during the pandemic. But, based on their experiences during COVID, more than four in five financial services executives also believe their organisation needs to improve its IT infrastructure and applications to better adapt to external change, according to a 2022 report by the Economist Intelligence Unit and Appian.
I couldn’t agree more.
Huge challenge ahead
Banks face a huge challenge to modernise their legacy backend architecture to become more resilient. In the face of increasing threats such as state-sponsored cyber-attacks. They also need to simplify these core banking systems to speed up the improvements in customer experience needed in an era of inreased competition from digital upstarts, telcos and others.
Some 68% of bank executives say that rapid, fundamental change, rather than incremental progress, is needed to achieve their digital transformation objectives, according to another survey of bank executives in 2022. For me, that fundamental change must include not only front-end work but major replumbing and rewiring projects.
I believe 2023 is the year more financial services companies must start getting their houses in order. And commit to these “too hard basket” projects even as financial constraints bite. As with any classic Aussie home renovation project, they’ll have to do it while living in their own house.
Our country boasts some of the best digital banking customer experiences on the planet. Thanks in part to the prodigious pace at which traditional banks have responded to their digital upstart rivals.
But the spate of cyber breaches on Australian companies in late 2022 serves as a stark warning. There is a pressing need for financial services companies to update core architecture and back-end systems that process transactions, deposits, loans, and credit, and underlie business continuity.
Not all banks here are as far along this journey as they may think. They might be ahead in how they use data and analytics and present a lovely “bank in a box” to their customers at the front end… But what if they suffer a cyber breach? How can they perform the fast invasive surgery needed to identify where the problem is? especially when that type of problem was not even imagined when their various back-end systems were built?
Imagine a financial services organisation needs to recover systems back to a version that was one or two weeks old. But they have to run batch updates nightly. They now need to time travel a couple of weeks to get back up to date and replay all of the things that happened. Under those circumstances, how can they possibly move with the flexibility and speed needed to meet the demands of the board and the regulators? The people who are demanding reassurances about how quickly the organisation can recover from such an event?
These are tough questions to ask. Let alone answer. Especially for those companies that still operate on their old core and batch-based architectures. Those architectures may function just fine day to day, but they have typically been built up iteratively over decades. This has created confusing, interdependent systems and in some cases old software that can’t be serviced anymore because the patches are not available.
Not so simple…
To make matters more complex, the half-life of these systems keeps shortening. Companies used to refresh their back-end every seven years; then it moved to five, and now it’s sometimes down to three. This is even though it can take close to three years to fully implement some of these upgrades.
Tackling these headaches used to be the boring task no one wanted to deal with. But it can no longer be consigned to the too-hard basket. As anyone in banking IT who has embarked on a modernisation knows, it is not overnight work; it is long and challenging.
If you were starting from scratch with your plumbing, you would of course do it differently. As the digital natives have been able to do. But some newer architecture solutions that may work for a new bank may not be the right fit for an existing one that needs to migrate vast amounts of information. Not only is it tedious work, it’s also high risk. However, it must be done. Because as recent events have shown, time is of the essence when it comes to cyber recovery.
A first step companies can take is a comprehensive annual or six-monthly cyber-security corporate exercise that involves the entire C-Suite and Board. And which plays out exactly as if a major cyber breach has occurred. This is a great way to find out if your old plumbing is up to the job. As well as getting the support you need if it’s not.
The reality is that financial services organisations have a complex and ongoing transformation journey ahead as they aim to stay competitive and keep pace with customer expectations. So rather than putting off the inevitable, now is the time to jump in and get started.