The banking and finance sector has created an IT “crutch” over the last few years. It is now limping behind more agile competitors from a technology standpoint. There has been a huge investment in R&D and engineering initiatives in many of the banks but some of these initiatives have failed or are doomed to failure because the people leading them are trying to deliver against a challenging backdrop of bloated legacy process, bureaucratic cultures, organisational inefficiency, compliance and security fears. The result is that many initiatives are crippled from the start.
Initiatives will simply stall and end up in the “too hard” bucket. This is not because it’s too difficult technically, but more so because of the banks organisational make-up. The IT challenge facing the sector is the fear that exists in making any important changes. Significant IT change that might represent a risk to IT operational stability is scrutinised heavily and even changes that represent small risks with limited impact are revoked, delayed or become difficult to pass through the red tape. This often leads to IT teams taking the path of least resistance.
Many banks are wisely investing heavily in cloud technologies. But the fear created by the compliance and security teams is the biggest single roadblock. Questions such as:
- “Will my customer’s data really be safe in this cloud provider’s data centre?”
- “Will my data remain where I put it or will it end up somewhere else on the planet?”
- “How do I really know that my data is secure?”
- “What if the cloud provider’s staff can get to my data?”
The reality is this:
- The data centre facilities provided by the largest cloud providers, including Amazon, Microsoft and Rackspace benefit from enhanced: physical security, architecture, management process and industry standards than many of the global banks data centres.
- All the major cloud service providers support multiple layers of authentication to access data and services.
- All data travelling to and from the cloud providers’ data centre facilities can be encrypted at the highest levels.
- The banks can choose the levels of encryption for data “at rest” within the cloud providers data centre using either encryption methods the cloud providers offer or by applying their own encryption standards to the data they store in the cloud.
In short, the data residing in a major cloud provider’s data centre can be made as secure and in many cases more secure than the data centre facilities provided by the banks themselves. While the banks are stalling on the “is this secure” and “how do I keep control” question, more nimble organisations are rapidly consuming ready-made services from the Cloud and using smart measures to ensure that they protect their own data as well as their customers’ data.
The banks need to review their IT strategies for the long term to ensure that strategies are clearly aligned to the banks business strategies. Some IT departments within banks have become so large and dispersed that that the IT teams appear to have forgotten that they work in a banking business and not an IT business. A bank exists to look after its customer’s money and to invest that money wisely and safely. The recent banking crisis has resulted in a level of scrutiny that the banks are not accustomed to. IT exists to support the banks strategy and to run its processes. That’s it.
The key thought process of any banking CIO today must be “how do I build a strategy that supports the bank’s business strategy”. First and foremost it is about providing service. Secondly it’s about partnering with the business in a way that technology innovation supports the broader strategy. Key considerations for banking CTOs or CIOs include:
- How do I provide the core services in a secure, reliable way whilst keeping the operating costs low?
- How do I readily embrace services and technologies from third parties and avoid building legacy systems?
- How do I put myself at the heart of the business strategy as a partner to develop an intimate appreciation of the banks goals?
- How do I effect organisational change within my own IT organisation to break old habits and generate a brave new culture of significant change that aligns to the banks goals?
- How do I review all the commodity processes that make the legacy IT system what it is today so the change team and I understand the inefficiencies and know the change priorities?
We have seen many real life examples of issues in IT operations teams in the financial industry such as:
- Average time to set up a new joiner with standard IT “stuff” such as account, mailbox, desktop and applications after the user has joined – 10 days.
- The number of times a support issue is passed between IT queues before it got to a support person who could fix what was a really common issue – 94 times.
- Average time to get a new virtual server in the data centre – 12 weeks.
These are only examples, and not every bank has such inefficiencies. However in large organisations, there are issues to address. If you were to count the real cost of having thousands of staff each waiting two weeks to start working in a large global bank, the costs are eye-watering. IT in the financial industry has to take action – and either consume more ready-made IT services such as cloud services, or start operating like cloud providers.
In this day and age, the provision of commodity services should happen at the push of a button and the button should be pressed by the business person, not an IT person. Process and culture need to be changed so that the banking and finance sector can regain their competitive advantage from the likes of digital and retail companies. By seizing this opportunity, we will be able to become more agile, competitive and maintain our prestigious financial heritage.