With more than 800 banking industry regulatory changes enacted in the seven years since the financial crisis, it’s clear that policymakers have been on a mission to improve market confidence and consumer protection. Many financial services firms, however, are struggling to keep pace.
With new regulations come new practices, but for one of the oldest sectors in America, change does not come easy. Financial sector firms must work constantly to review their operations, gauge compliance, and determine any potential vulnerabilities lurking in their organizations. Beyond staying compliant, banks, trading firms, and other financial entities must simultaneously strive to remain competitive by introducing innovative customer offerings -- often technology-focused, such as banking apps and mobile self-service. One main factor is holding the industry back on both fronts: legacy IT.
Legacy IT -- whether it's applications filled with COBOL, or antiquated mainframes -- runs rampant in the financial sector. Big banks especially are stuck on their old systems because of the speed and volume at which they can manage transactions. Unlike in other private sector industries, the cost of maintaining legacy IT (which typically eats up nearly 70% of internal IT departments’ budgets) is not a significant factor in financial services.
Maintenance expenses aside, depending on outdated systems puts firms at greater risk of non-compliance and security breaches -- and the consequences that accompany them. Legacy systems typically have obsolete documentation and are riddled with dead and irrelevant code. Not knowing what's living inside of your IT environment makes it exceedingly difficult to perform reviews and ensure accurate paper trails. This could also leave you blindsided if malicious code lurking in your dead code is suddenly activated. As a result, financial services firms running on dated computing systems are ill-equipped for audits, and live with greater security concerns.
The great misconception
In an effort to maximize security and establish sound compliance, financial sector firms would be wise to rethink the need for IT modernization. Contrary to the industry's popular belief, though, there is no silver bullet when it comes to properly upgrading a corporate IT environment. A multi-phased process must be embraced in order to reap the full benefits of modernization.
For firms looking to bolster the compliance process, better secure private customer information, and lay the groundwork for future IT innovation, there are three main principles to keep in mind:
- Assess and document all systems to understand functionality: There are some systems that are simply too antiquated to be productive. At the same time, firms can't migrate to a new application or move forward unless they know what they already have. To determine this, the designated project team must thoroughly document the code and business rules inherent in the legacy software system to determine its logistics and complexity, and isolate any “dead” or obsolete code.
- Tap into internal resources: From senior leaders and project managers to subject matter experts, the modernization process is personnel-heavy. Financial services firms looking to modernize shouldn’t forget to tap into their internal resources to achieve success. This means calling on in-house IT staff to work side-by-side with experts familiar with both the source code and the target environment. Together, these teams can assess the legacy program with respect to both IT and regulatory environments, helping to determine the best approach to future modernization and vouch for the accuracy of the new system.
- Choose the path that’s right for you: Once the existing legacy situation is thoroughly assessed, firms have two choices to complete the task at hand. Depending on the organization’s plans and long-term IT strategy, it should either:
  - Remove dead code from the program to eliminate advanced persistent threat vulnerabilities. By identifying and eliminating weak spots, firms can optimize existing systems, decrease the mounting maintenance costs, and move forward with more visibility into their IT environments, or
  - Extract existing business rules from the application and clean them up for use in a new system. Again, this doesn’t present firms with an overnight solution, but is still a strategic step toward progress. It is not possible to extract business rules automatically, but selecting the right tool will ensure automatic extraction of the logic embedded in the code, and allow the selected services team to extract the rules from that logic.
Legacy IT is a liability in many industries, but it is especially dangerous in the financial services sector. Over time, failing to reevaluate these systems will only make compliance more expensive and more difficult to achieve. Further, aging applications rob firms of the ability to protect sensitive customer data -- a high priority in today’s personal information-conscious world.
As a result, the risks associated with maintaining legacy IT will mount and lead to larger, more damaging issues down the road. By choosing the right process and determining the appropriate solution, financial firms can avoid the pitfalls associated with legacy IT and offer customers the support and options they demand.
Miten Marfatia is the CEO of EvolveWare, an IT solutions firm that develops tools that automate and modernize legacy IT infrastructure.