Is application development to blame for UK banking outages?

UK banks have suffered a number of high profile outages over the last few years and it continues to be a problem. Earlier this year, HSBC’s online banking system failed leading to frustrated customers. Last year, NatWest’s customers could not log into their online banking systems which was down due to a cyber-attack, according to the bank.

Many see these outages as repercussions of the banking sector’s failure to modernise its IT systems.  A new CRASH report by CAST, an independent software vendor has looked into the reasons behind the frequent outages experienced by UK banks.

The report analysed 241 million lines of code for their quality across 430 applications based on submissions by 53 organisations. Specifically, the report looked at the quality that goes into the coding of an application as it is usually “quality flaws” that are responsible for outages that are experienced by banks. It found that organisations from the UK deliver applications “at the highest risk” and that application developers fall short in comparison to banks based in other parts of Europe and the US.

So why is the UK falling short in comparison to everyone else?

“In continental Europe, the approach to application development is very much an engineering approach. In the UK there tends to be more of a creative approach to building software rather than the vigorous, engineering and process-heavy approach,” Lev Lesokhin, software analytics expert at CAST tells me over the phone from the US.

So is the UK application development process more “fast and loose” compared to everyone else? Phil Wainewright, digital transformation analyst at diginomica agrees to an extent about the UK’s creative approach. But he adds that there is a tradition of “home-grown solutions combined with a more hands-off management style” that suddenly shifted to cost-cutting micro-management after the 2008 crash.

“The effects are more noticeable in the UK market because there are just a few big names which is very unlike the highly fragmented US banking scene, for example. So any outage affects millions of customers.”

Peter Duffy, CTO at Sumerian blames a culture of omission at banks which contributes to the outages that frequently occur. He refers to the “hero-culture” that exists in operations teams where the “hero” puts in a huge number of hours to fix the problem and is in return rewarded when bonus time comes.

“The challenge is that individuals and teams who have been proactive and avoided such issues don’t get the same recognition – so there’s less incentive to do so.  Banks need to recognise and reward initiatives that actively attempt to avoid problems – for example, by tracking occasions when action is taken to prevent an outage and rewarding outage prevention heroes.

Piyush Pant, vice president of strategic markets at MetricStream doesn’t think it’s down to a cultural mind-set in the UK or down to application development processes in the UK.

“Any breaches in the banking sector are much more likely to be the standard issues of failed governance and inadequate controls than system development. This is a global issue and consistent across other regions.”

Are old IT systems really to blame?

In 2014, banks reportedly spent about $188bn on IT but the cost of constantly maintaining the upkeep of these ageing IT systems is draining the budget for IT spending. In a top tech trends report, it was found that 33% of executives believe that upgrading core platforms is essential in providing a good customer experience.

Is the old IT banking system a problem just in the UK?

It is definitely a problem for the banks but I don’t think it’s a different problem for the UK. You could argue that the UK has slightly older systems and this makes things difficult in the UK but this is true in the rest of Europe and US too,” says CAST’s Lesokhin.

Duffy of Sumerian believes legacy systems are definitely part of the problem but he thinks “growing complexity” has also become an issue.

“In most banks, it is very difficult to draw a neat line around a collection of components and say ‘this represents application X’ – boundaries are becoming increasingly blurred,” says Duffy.

According to Wainewright, legacy IT systems are “increasingly difficult to maintain” and many of the outages have been because of “necessary upgrades that have failed in some way”.

“Recovery has proven difficult because of the complexity of upgrading antiquated systems. This is a global problem not restricted to the UK but there are some specifics in the UK that raise the stakes.”

How should banks respond to growing threats from the tech industry?

Another challenge for banks is how to handle the growing competitors from the technology industry. Apple, Google and Facebook have now entered the payments industry. Then there are other “digitally-focused” challengers like the startup Mondo that wants to be the “Facebook for banking”. Others like Atom and Monese are tapping into the smartphone market that is appealing to the younger crowd and geared towards the future of banking.

Lesokhin thinks that banks need to start embracing the fact that they are a software company.

“Life is going to really get tough for these banks, I think it already is. You’ve got Google, Microsoft and Apple getting into payments. The whole payments space is super-hot. I think from the standpoint of managing the banking enterprise, the banks still haven’t quite realised that they’re competing in a technology software space first and foremost,” says Lesokhin.  

Wainewright of diginomica agrees that in the connected world, banks need to become a software business.

“If they're not using software to automate large swathes of their operations that used to be manual, they don't have a hope of keeping up with what lies ahead,” adds Wainewright.

Max Speur, COO at SunTec does not think banks should see themselves as a software vendor as they have “survived many centuries already based on consumer trust”.  

“Although Facebook, Google and Twitter have spotted an opportunity to make themselves relevant in Financial Services, they still have a long way to go before they are trusted like established banks are.”

But Speur still thinks that banks should still learn from the way the tech giants are delivering their customer services.

“Banks should deliver their savings, mortgage and current account services as if they were Uber, Google or Microsoft. Customer experience today means the service provider has to deliver through a variety of touch points such as mobile and social. Once banks have cracked this, they can focus innovation around connected devices,” Speur adds.

But according to Wainewright, it’s not just the tech giants banks should be afraid of.

“The threats don't only come from tech giants, they also come from fintech minnows. The banks' traditional bread-and-butter business models are being undermined by all manner of digitally-enabled alternatives, from mobile payments to peer-to-peer transactions.

“It's the same challenge that incumbents in every major industry have to face sooner or later, and now banking's moment of peak disruption has arrived,” Wainewright says.


« Crowdsourcing Innovation: Jan Willem Smeenk, SODAQ


Africa House: Spark Online's business incubation in Somalia »
Ayesha Salim

Ayesha Salim is Staff Writer at IDG Connect

  • twt
  • Mail


Do you think your smartphone is making you a workaholic?