Infrastructure

08:00 AM
Miten Marfatia
Miten Marfatia
Commentary
Connect Directly
LinkedIn
RSS
E-Mail
50%
50%

Demystifying the Financial Services Myths Around Legacy IT

Contrary to the industry's popular belief, there is no silver bullet when it comes to properly upgrading a corporate IT environment. A multi-phased process must be embraced.

With more than 800 banking industry regulatory changes enacted in the seven years since the financial crisis, it’s clear that policymakers have been on a mission to improve market confidence and consumer protection needs. Many financial services firms, however, are grappling to keep pace.

With new regulations come new practices, but for one of the oldest sectors in America, change does not come easy. Financial sector firms must work constantly to review their operations, gauge compliance, and determine any potential vulnerabilities lurking in their organizations. Beyond staying compliant, banks, trading firms, and other financial entities must simultaneously strive to remain competitive by introducing innovative customer offerings -- often technology-focused, such as banking apps and mobile self-service. One main factor is holding the industry back on both fronts: legacy IT.

Legacy IT -- whether it's applications filled with COBOL, or antiquated mainframes -- runs rampant in the financial sector. Big banks especially are stuck on their old systems because of the speed and volume at which they can manage transactions. Unlike in other private sector industries, the cost of maintaining legacy IT (which typically eats up nearly 70% of internal IT departments’ budgets) is not a significant factor in financial services.

Maintenance expenses aside, depending on outdated systems puts firms at greater risk of non-compliance and security breaches -- and the consequences that accompany them. Legacy systems typically have obsolete documentation and are riddled with dead and irrelevant code. Not knowing what's living inside of your IT environment makes it exceedingly difficult to perform reviews and ensure accurate paper trails. This could also leave you blindsided if malicious code lurking in your dead code is suddenly activated. As a result, financial services firms running on dated computing systems are ill equipped for audits, and live with greater security concerns.  

The great misconception
In an effort to maximize security and establish sound compliance, financial sector firms would be wise to rethink the need for IT modernization. Contrary to the industry's popular belief, though, there is no silver bullet when it comes to properly upgrading a corporate IT environment. A multi-phased process must be embraced in order to reap the full benefits of modernization.

For firms looking to bolster the compliance process, better secure private customer information, and lay the groundwork for future IT innovation, there are three main principles to keep in mind:

  1. Assess and document all systems to understand functionality: There are some systems that are simply too antiquated to be productive. At the same time, firms can't migrate to a new application or move forward unless they know what they already have. To determine this, the designated project team must thoroughly document the code and business rules inherent in the legacy software system to determine its logistics and complexity, and isolate any “dead” or obsolete code.
  2. Tap into internal resources: From senior leaders and project managers to subject matter experts, the modernization process is personnel-heavy. Financial services firms looking to modernize shouldn’t forget to tap into their internal resources to achieve success. This means calling on in-house IT staff to work side-by-side with experts familiar with both the source code and the target environment. Together, these teams can assess the legacy program with respect to both IT and regulatory environments, helping to determine the best approach to future modernization and vouch for the accuracy of the new system.
  3. Choose the path that’s right for you: Once the existing legacy situation is thoroughly assessed, firms have two choices to complete the task at hand. Depending on the organization’s plans and long-term IT strategy, it should either:
    • Remove dead code from the program to eliminate advanced persistent threat vulnerabilities. By identifying and eliminating weak spots, firms can optimize existing systems, decrease the mounting maintenance costs, and move forward with more visibility into their IT environments, or
    • Extract existing business rules from the application and clean them up for use in a new system. Again, this doesn’t present firms with an overnight solution, but is still a strategic step toward progress. It is not possible to extract business rules automatically, but selecting the right tool will ensure automatic extraction of the logic embedded in the code, and allow the selected services team to extract the rules from that logic.

Legacy IT is a liability in many industries, but it is especially dangerous in the financial services sector. Over time, failing to reevaluate these systems will only make compliance more expensive and more difficult to achieve. Further, aging applications rob firms of the ability to protect sensitive customer data -- a high priority in today’s personal information-conscious world.

As a result, the risks associated with maintaining legacy IT will mount and lead to larger, more damaging issues down the road. By choosing the right process and determining the appropriate solution, financial firms can avoid the pitfalls associated with legacy IT and offer customers the support and options they demand.

Miten Marfatia is the CEO of EvolveWare, an IT solutions firm that develops tools that automate and modernize legacy IT infrastructure. View Full Bio
Comment  | 
Print  | 
More Insights
More Commentary
SEC Examinations: What to Expect When the SEC Is on It's Way
Theodore Eichenlaub highlights trends in SEC expectations and how to approach a risk assessment of your compliance program.
The Value of Predictive Analytics in Financial Services
Risk management and customer data are two key areas where data analytics is being applied in financial services.
Moving the Trader Closer to the Investment Process
The sell side can demonstrate more value by applying analytics to pre- and post-trading, and by educating buy-side clients about broker segmentation, trading behavior and algorithm shortcomings, and more.
Wirehouses May See More Independent BDs as Retention Packages Expire
Retention bonuses are expiring, leaving brokerages vulnerable to attrition. Is access to technology making it easier for brokers to go independent?
SCI: A Whale of a Regulation
The SEC's Reg SCI weights in at a whopping 742 pages. Here is what you need to know about the oversized regulation.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
7 Unusual Behaviors That Indicate Security Breaches
7 Unusual Behaviors That Indicate Security Breaches
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.