Banking outages cause unacceptable pain for customers and are occurring with increased regularity. Digital banking is essential to our economy and ongoing failures are both unacceptable and preventable.
Last week an independent report concluded that the board of TSB “lacked common sense” when it moved 1.9m customers onto a new system in 2018 that had not been properly tested.
And last month the Treasury Select Committee called for banks to face greater regulatory crackdown and higher industry levies to tackle IT failures.
Banking systems are critical national infrastructure and need to be treated as such.
Technology transformation and the provision of sustainable, resilient IT need to be part of a formal mandate for the boards of major financial institutions.
The TSB review has revealed a lack of technology literacy at the top of the organisation at the time of the migration. If regulators want banks to take IT resilience seriously, why not mandate them to appoint a chief information officer (CIO) to their board?
Given the importance of this issue parliament is right to take an interest and while I welcome the Treasury Select Committee’s proactivity, I remain concerned that some of their recommendations could hinder rather than help the situation.
MPs are right to point out that legacy technology leaves banks vulnerable to IT failures. However, the reality is that trying to replace or modernise old systems, while continuing to run day-to-day banking services, is both costly and high risk. These highly complex systems must be rigorously tested before being implemented and long term strategic thinking is required when it comes to their design and architecture.
Given all this, introducing further levies – as suggested by the Treasury Select Committee – could serve only to reduce the limited budgets that banks already have for IT transformation.
At a time where all banks are under pressure to maintain capital reserves and deliver value to consumers and shareholders, it is often hard for IT leaders to justify wholesale modernisation or replacements.
So rather than levying yet more cash from banks would it not make sense for regulators to require the ring-fencing of a fixed percentage of revenues for IT investment?
This would help ensure that banks commit sufficient resources to digital transformation and would hopefully lead to fewer painful outages for customers.
The Select Committee report also correctly identifies the risk that comes with multiple leading banks becoming increasingly reliant on services from the same public cloud providers. However, their call for regulating public cloud providers seems to miss the point.
With regulators already struggling under the burden of monitoring banks’ IT resilience, consumers would be better served if banks consciously spread their risk with a hybrid approach to cloud computing.
Ultimately the systems that run our banks are complex. The crashes we’ve seen to date cannot be prevented purely by greater regulation. The industry and most importantly consumers, needs to see banks, regulators and technology companies working together more effectively to ensure this critical national infrastructure gets the focus and investment that it desperately needs.
Marc Waters is managing director for Hewlett Packard Enterprise in the UK & Ireland