It’s no surprise that some legacy banks are neglecting back-office IT, says ECS Cloud Chief
Mon 25 Feb 2019 | Allan Brearley
Cloud is enabling retail banks to pursue a fertile innovation agenda, but they may be too preoccupied with time-to-market and customer retention at the expense of backend and back-office systems, says Allan Brearley
Despite initial hesitancy over the regulatory and security risks, most retail banks are now one way or another onboard with cloud. Over the past twelve months, growing competition from fintech ‘challenger’ banks such as Revolut and Monzo has forced legacy banks to take stock and up their game.
Cloud is now seen as a key enabler of agility, reduced time to market and cost reduced cost ratios, facilitating speedy deployment of new services and features that in part attempt to replicate the glorious experiences delivered by fledgeling fintechs.
In the rush to adopt and compete in that space back-office systems are being neglected in favour of customer services and features. A Pinsent Masons report released this year revealed just two percent of financial services firms are prioritising back-office IT investment. Allan Brealey, cloud enablement practice Head at IT services firm ECS is not surprised by the trend.
ECS is the UK’s largest independent IT services firm and works with many of the UK’s major retail banks on major transformation projects, including transitioning core business applications to public or hybrid cloud.
Allan tells me that while there are plenty of tangible benefits to be extracted from cloud adoption, benefits are dependent on the approach taken to architecting, build and operation.
The two main benefits his clients are seeing from transitions are reduced costs and increased agility, he says. Practically, this translates to reduced time to market for new products and features, such as moving from a capital-based funding model to a pay on demand approach.
“This not only allows capital to be deployed more creatively but also supports an innovation agenda, allowing organisations to try out new ideas with a reduction in overall capital risk,” he says.
“Shifting to new ways of working, including the ability to deliver infrastructure as code via automation, can drastically reduce the end-to-end development and delivery cycle with a corresponding reduction in risk.”
A knock-on benefit is that these applications are resilient and self-healing if they are designed to be cloud-native and leverage higher-value PaaS features.
As core banking applications encompass many more supporting applications, before migrating to the cloud banks have to analyse them and their constitutive technologies and components in detail, so the process of planning the range of technologies, data transfer and latency requirements can begin.
Allan adds that complicating matters important data models pertaining to these systems have been left undocumented.
“Not only this, but clearly there are regulatory and compliance considerations that need to factored into the mix.”
“From a technology perspective, the specific application or service line architecture will colour what components should be placed either in public or private cloud. Considerations such as data ingress/egress, latency, data sovereignty and a host of other factors will inform this decision. It’s really about what’s right for the customer, their objectives and their risk appetite.
Once counterintuitive, it is now generally held that responsible use of the public cloud can offer more security than can private cloud. Despite this security remains a counter-argument for transitioning. Allan questions this reasoning given the incentives incumbent on the main cloud service providers (MSPs.)
“When you consider the investment made by the cloud service providers in securing their platforms, it dwarfs that of all but the very largest enterprises,” he says. “It’s at the heart of everything they do. Without it, their reputation would be worthless.”
Public cloud deployments split the responsibilities, he says. If banks adopt, they need to ensure they are responsible for security “in the cloud”, leaving CSPs in charge for security ‘of the cloud’ – physical data centres, compute, storage and networking. Banks still need to judge for themselves the risk relevant to each application.
“The more pragmatic approach would be for incumbents to spin out their own greenfield fintech challengers and then to leverage the wealth of customer data and insight to leapfrog challengers”
“As a consumer of cloud services you will still need to ensure you maintain perimeter security, secure user access, encrypt your data, secure your applications etc. As long as you understand this model and execute the appropriate controls then public cloud should be every bit, if not more secure, than an on-premise data centre,” he says.
Style over substance?
According to a recent Pinsent Masons study, because retail banks are under financing inward facing back-office IT to focus on improving customer experiences, they are making their systems vulnerable to costly breaches. Allan says the trend is unsurprising given fresh customer expectations brought about by feature heavy fintech mobile applications.
“Customers’ expectations in the areas of customer service and features are ever increasing, due largely to the fintechs’ ability to develop and deploy new features to delight their customers, unencumbered by legacy,” he says.
“In order for the incumbent retail banks to compete they simply have to divert more investment into customer retention and therefore front end-systems. For some time I have speculated that this approach will fail, as the back-end and back-office systems become more and more neglected,” he adds. “In my view, the more pragmatic approach would be for incumbents to spin out their own greenfield fintech challengers and then to leverage the wealth of customer data and insight to leapfrog challengers.”
Tags:Cloud finance FinTech monzo public cloud retail banks
Why we need to automate automation
Read More >>
Collaboration with young generation key to virtual bank success, says ZhongAn...
Read More >>
Before you pay your ransomware read this
Read More >>
Are you prepared for the enterprise 2G/3G shutdown?
Read More >>
What other smart city projects can learn from Taipei
Read More >>