Is application development to blame for UK banking outages?
UK banks have suffered a number of high profile outages over the last few years and it continues to be a problem. Earlier this year, HSBC’s online banking system failed leading to frustrated customers. Last year, NatWest’s customers could not log into their online banking systems which was down due to a cyber-attack, according to the bank.
Many see these outages as repercussions of the banking sector’s failure to modernise its IT systems. A new CRASH report by CAST, an independent software vendor has looked into the reasons behind the frequent outages experienced by UK banks.
The report analysed 241 million lines of code for their quality across 430 applications based on submissions by 53 organisations. Specifically, the report looked at the quality that goes into the coding of an application as it is usually “quality flaws” that are responsible for outages that are experienced by banks. It found that organisations from the UK deliver applications “at the highest risk” and that application developers fall short in comparison to banks based in other parts of Europe and the US.
So why is the UK falling short in comparison to everyone else?
“In continental Europe, the approach to application development is very much an engineering approach. In the UK there tends to be more of a creative approach to building software rather than the vigorous, engineering and process-heavy approach,” Lev Lesokhin, software analytics expert at CAST tells me over the phone from the US.
Obstacles to upgrading
So is the UK application development process more “fast and loose” compared to everyone else? Phil Wainewright, digital transformation analyst at diginomica agrees to an extent about the UK’s creative approach. But he adds that there is a tradition of “home-grown solutions combined with a more hands-off management style” that suddenly shifted to cost-cutting micro-management after the 2008 crash.
“The effects are more noticeable in the UK market because there are just a few big names which is very unlike the highly fragmented US banking scene, for example. So any outage affects millions of customers.”
The Internet of Things
Peter Duffy, CTO at Sumerian blames a culture of omission at banks which contributes to the outages that frequently occur. He refers to the “hero-culture” that exists in operations teams where the “hero” puts in a huge number of hours to fix the problem and is in return rewarded when bonus time comes.
“The challenge is that individuals and teams who have been proactive and avoided such issues don’t get the same recognition – so there’s less incentive to do so. Banks need to recognise and reward initiatives that actively attempt to avoid problems – for example, by tracking occasions when action is taken to prevent an outage and rewarding outage prevention heroes.
Piyush Pant, vice president of strategic markets at MetricStream doesn’t think it’s down to a cultural mind-set in the UK or down to application development processes in the UK.
“Any breaches in the banking sector are much more likely to be the standard issues of failed governance and inadequate controls than system development. This is a global issue and consistent across other regions.”
Are old IT systems really to blame?
In 2014, banks reportedly spent about $188bn on IT but the cost of constantly maintaining the upkeep of these ageing IT systems is draining the budget for IT spending. In a top tech trends report, it was found that 33% of executives believe that upgrading core platforms is essential in providing a good customer experience.
Is the old IT banking system a problem just in the UK?
“It is definitely a problem for the banks but I don’t think it’s a different problem for the UK. You could argue that the UK has slightly older systems and this makes things difficult in the UK but this is true in the rest of Europe and US too,” says CAST’s Lesokhin.
Duffy of Sumerian believes legacy systems are definitely part of the problem but he thinks “growing complexity” has also become an issue.
“In most banks, it is very difficult to draw a neat line around a collection of components and say ‘this represents application X’ – boundaries are becoming increasingly blurred,” says Duffy.
According to Wainewright, legacy IT systems are “increasingly difficult to maintain” and many of the outages have been because of “necessary upgrades that have failed in some way”.
“Recovery has proven difficult because of the complexity of upgrading antiquated systems. This is a global problem not restricted to the UK but there are some specifics in the UK that raise the stakes.”
Read more on the article here - http://www.idgconnect.com/abstract/16162/is-application-development-blame-uk-banking-outages