The time for banks to update legacy IT systems is fast approaching, says expert

The IT infrastructure on which systems of many of the major UK banks are based is decades-old and, while it has largely served the industry well, is not best suited to supporting the latest technologies banks need to embrace to keep pace with the broad digitisation of financial services.

Much of the latest functionality banks have delivered to customers, such as slick mobile banking apps and other digital interfaces, have been developed using systems that 'plug-in' to the legacy IT infrastructure through so-called 'middleware'. Following years of system updates and integrations post-merger, banks' IT systems have taken on the form of a complex web of hardware and software.

There is a dwindling band of people in the industry with sufficient technical expertise and knowledge of the oldest systems in use to know how to fix things when they go wrong. The situation is unsustainable for banks that wish to not only maintain day-to-day operations, but to innovate in the face of increased competition from challenger banks and fintechs.

More and more banks are exploring cloud computing solutions. The cloud lets banks use others' IT infrastructure to host their systems and data, and to tap in to the latest cloud-based software applications too. The cloud allows banks to make use of the computing power they need and to scale up on capacity with minimal fuss. The UK's Financial Conduct Authority (FCA), considered one of the most forward-thinking financial regulators in the world, published new guidelines in 2016 to help banks understand the steps they need to take to adopt cloud-based services.

The guidelines have been welcomed by industry, but there remain a number of issues that hinder banks from taking up cloud solutions. From facilitating rights of audit in a cloud context to the location, management and security of data and ensuring a smooth transition to a new provider when contracts are ended, banks still face a number of legal and regulatory hurdles to adopting cloud solutions.

Whether moving to a cloud environment or not, embarking on any major transformational IT project is a daunting prospect for any organisation. It entails elements of risk, which in the case of banks include moving from generally stable systems that, despite their limitations, have largely ensured continuity of service to customers, to new systems where long-term reliability has still to be proven. Further risks include as-yet unknown vulnerabilities in new technology, and the threat that poses to firms' networks and to the security of customer data and commercially sensitive information.

Major legacy-to-digital transformations also take time. This is particularly true in the banking market, given the regulatory issues that banks must address. While new entrants to the market may have streamlined structures and processes that allow them to take decisions and adapt to change quickly, incumbent banks tend to operate under a tighter governance framework which can slow down decision-making.

To get to a position of moving from legacy IT systems to new infrastructure, project teams are likely to need to go through a lengthy process. This will involve everything from building the business case for change, gaining budgetary approval and board-level sign-off for the project, investigating the solutions offered by IT suppliers in the market and selecting a preferred provider, negotiating commercial terms with that provider and agreeing appropriate contract provisions to govern the delivery of service, engaging with the regulator where a material outsourcing is planned, and finally dealing with the practicalities of migrating applications and data from existing systems to new ones, including thorough testing of the new environment.

Some banks have already begun the shift. Deutsche Bank is one global financial institution that has openly discussed its modernisation of IT. Given the lag that inevitably arises between the initiation of major transformation projects and their completion, banks persevering with legacy systems must begin their process of change now.

The pressure to act arises because banks not only face increased scrutiny of the way their IT systems operate from regulators and parliamentary watchdogs, but because of the demands customers have over the way services, including banking services, are delivered in the digital age.

Banks retain an advantage over fintechs and new challengers in the market that may be able to operate more nimbly and innovate faster. This is because they have an existing customer relationship and trust in their brand and services which most organisations across all sectors desire.

However, with technology changing rapidly and with regulations being updated to give greater recognition and legitimacy to innovative fintechs in areas such as payments and lending and in open banking more generally, there may soon come a tipping point where customers question their loyalty to banks and move to new providers in greater number.

Banks that take proactive steps to upgrade their IT systems and implement the latest technologies will be best placed to ward off this threat and preserve or even extend their share of the market.

Joanne McIntosh is a technology law expert at Pinsent Masons, the law firm behind Out-Law.com.