Out-Law / Your Daily Need-To-Know

Government-backed 'digital passport' rules are key to financial services innovation, says expert

Out-Law News | 04 Feb 2014 | 4:57 pm | 4 min. read

The Government can play a part in helping banks and other finance institutions deliver better digital services for customers despite many continuing to rely on complex legacy IT systems, an expert has said.

Expert in financial services and technology John Salmon of Pinsent Masons, the law firm behind Out-Law.com, said that the financial services sector is continually looking for ways to deal with the challenge of how to meet consumers' demand for innovative new services whilst working out how to integrate the systems behind those new services with a web of existing complicated IT infrastructure.

He said the Government has a role to play in encouraging the sector to overcome these challenges and embrace digital innovation. He said that adopting new standards on identity (ID) assurance is one action it could take to achieve this.

Salmon was commenting after a technology industry body called on the Government to lead on the development of a new 'digital modernisation strategy' for banks and other UK financial institutions. In its Towards a New Financial Services paper (75-page / 4.82MB PDF), which Pinsent Masons contributed to, trade association techUK said the strategy could help those organisations better manage the shift away from legacy systems.

TechUK said the Government should make it mandatory for the financial services sector to rely on a less complicated "technology infrastructure" than most currently have in place. It also called for a change of culture within financial institutions to drive innovation. It said that there is a need for "innovation friendly regulation", with one example being to allow banks using cloud services to meet their obligation to provide regulators with "effective access to data" through digital audits rather than requiring physical access to data centres.

The potential for a "digital financial services passport" to be created to authenticate individuals' identity when using "digital channels" was also investigated in the trade body's paper.

Such a 'passport' could improve trust and security in digital services and also help reduce "the cost associated with internal processes and systems, and the cost of fraud" and "provide an identity infrastructure fit for serving the ever-increasing digital demands of consumers".

"Moving from the current fragmented identity infrastructure to a standardised financial services passport would require overcoming several challenges; from the competitive dynamics in financial services, to the extent and scope of liability, whilst simultaneously maintaining KYC [Know Your Customer] and AML [anti-money laundering] compliance," the report said.

The Government is currently in the process of digitising 25 public services. These include the systems for applying for student loans, viewing of individuals' driving records, and enabling employers to conduct a criminal records check on prospective new employees. The projects are at various stages of development, although the student loans system is now live.

The Government has said previously that the success of the projects would depend largely on consumers' trust in using them. To that end it has been developing new guidelines on identity proofing as well as new principles on privacy to be applied across the new digital services. Last year the Government signed contracts with five companies to provide ID assurance services as part of the Government's digital services drive.

"It is clear that interoperability issues, caused by the complex nature of legacy IT systems, is something that banks must overcome when deciding on how to innovate, whether that's through delivering new online banking services, releasing mobile banking apps or linking customer accounts to new payment mechanisms," Salmon said. "It has become common place for banks to 'bolt on' the underlying systems for new services to existing IT infrastructure since the cost of properly integrating the systems has become prohibitive."

"Greater standardisation is called for. One area the Government may be able to help with this is in requiring banks to adhere to principles on privacy and identity verification and validation. The Government has made it clear that businesses that wish to be involved in the operation of new digital public services will need to adhere to the new standards. Standards on ID assurance would be equally useful in the banking world and could promote the concept of 'digital passporting' between services," he said.

In its paper, techUK said that "overly complex and ageing technology platforms" were behind a number of high profile IT outages as well as money laundering and rogue trading activity in recent times and added that they also hindered the ability of financial institutions' to harness the potential of 'big data'.

TechUK said that the 'always on' culture puts pressure on legacy systems and, because there are often "fragile connections" between the different components of those systems that have been "built on top of each other" for decades, there is a challenge in integrating new technology to those systems without causing "systems failures" and disruption to services.

However, the significant cost involved in completely replacing existing systems makes a "rip and replace" strategy "undesirable". It said, though, that there are opportunities for financial institutions to "bypass the restrictions that their legacy systems impose" without having to undergo such a radical overhaul to "'re-orientate' the structure of the financial system". It called on the Government to lead on a new strategy that can deliver such changes.

"Technology infrastructure in its current state does not allow financial institutions to adapt quickly enough to meet changing demands, whereas the trajectory of technological change is driving the expectations of customers to expect more; and contributing to a shadow banking market that is increasingly offering services where financial institutions cannot," it said.

"A catalyst is needed for financial institutions, their customers and the wider economy to benefit from the modernisation of the financial system. TechUK believes that the Government, working with financial institutions, regulators and the technology industry, should formulate and mandate a 'Digital Modernisation Strategy' to achieve precisely this and provide the foundation for the positive evolution of the industry," it added.

TechUK said that financial institutions should take advantage of the 'as a service' model which "allows for the scaling of operations as businesses grow or shrink" because organisations only buy the IT services they need. It also said that cloud computing offers banks the chance to pool the data currently locked away in "information silos" within their business in one place and so benefit from faster and better data analysis.

Concerns about privacy and who owns data in the cloud has so far caused banks to hold back from embracing cloud services, it said.

Technology and financial services law expert Yvonne Dunn of Pinsent Masons said: "While the frustration that underlies this call for Government to mandate a strategy is understandable, the challenge is getting privately-owned financial institutions to adhere to that strategy, since it’s the financial institutions’ money that will fund it."

"However there is no doubt that significant investment in technology is a must for financial institutions if they are going to remain competitive and avoid the kind of adverse publicity we’ve seen recently with technology failures," she added.