Lev Lesokhin, CAST

Lev Lesokhin, CAST: banks need to get their act together!

Following outages at some of the UK’s leading banks including Barclays and, most recently, HSBC which left customers unable to access funds for up to two days, means system failures are a hot topic. The amount and frequency of these damaging failures emphasises the growing issue of poor software quality management in the UK banking sector.

If something isn’t done to address this problem, banks will continue to face system performance issues and mounting concerns related to customer experience and satisfaction, despite pressures on cost.

What’s causing these outages?

We’ve analysed five core structural software characteristics:

  • robustness,
  • security,
  • transferability,
  • changeability
  • efficiency.

Looking at the security of the applications across the financial services sector revealed that Brits are more likely to break the rules when it comes to security measures, with one in four of UK-based applications recording the lowest scores for security. Ignoring security best-practices is especially worrying as recent figures suggest one in five UK banks are hit by cybercrime. The UK banks need to do more to address this issue and fight off further cyber-attacks on the UK banking sector.

UK banks are known for having core systems based on legacy IT, with some even running applications on systems more than thirty years old. It is no surprise to see that British coders are using mainstream and “old school” technologies to support such applications. British apps were found to mostly be written in Java-EE and Cobol, whilst the US and Europe are using a much wider range of technologies.

This isn’t helped by the fact that UK banking applications are far larger and more monolithic than their foreign counterparts for financial applications. In short, Brits are verbose and can’t compartmentalise their thoughts. The average lines of code (LOC) for both US and Europe is under 440,000 LOC, compared to 1.07 million LOC for the UK. This exposes UK banks to far more difficulty in dealing with digital transformation trends, bolting on new functionality at greater risk of faults and glitches, and when there is an outage it can take the bank twice as long to get to the root cause and fix it.

The key differences between the UK banking sector and their overseas equivalents indicates the UK is lagging when it comes to mastering the overall risk and quality of these applications. Especially when it comes to controlling how distributed components of very large applications are bolted together to perform a transaction. Doing so will help to reduce the regularity of system outages.

How can the British Banks fix these issues?

As technology continues to evolve and become more complex, with the popularity of new payment platforms such as Apple Pay, Google Wallet, online banking and contactless adding to the strain on the existing legacy systems, combined with the apparent poor application structure and coding, it is no wonder the UK financial sector is struggling to meet the high levels of performance and security modern customers expect.

There is an apparent need for the UK financial sector to modernise and improve its application resiliency to reduce the risk of damaging outages and failures. This is particularly poignant with rival European counterparts leading the way, and US banks also performing better. As the new generation of challenger banks burst onto the scene in a bid to take a slice of the UK banking pie, disenchanted British customers may begin to look beyond the traditional “big banks”.

By Lev Lesokhin, EVP strategy and analytics, CAST