By Mat Clothier, CEO, Cloudhouse
Across global industries, the financial services sector is among the most regulated. Ensuring compliance is an increasingly complex undertaking, and firms have not been short of challenges presented by factors such as Brexit laws impacting on the flow of data between the UK and the EU. The introduction of GDPR in 2018 has also had wide-reaching implications in terms of data security and the resulting fines in the case of misuse of information or cyber-attack.
With financial services needing to adapt to a changing landscape, a rapidly emerging piece of the compliance puzzle is the need to address end-of-life systems and upcoming deadlines for end-of-support. This is particularly crucial in the case of server operating systems such as Windows Server 2012, with an end-of-life deadline currently set for 2023. But why is quick reactivity so crucial in this sector, and what do financial services firms need to consider moving forward?
The financial services landscape
Up-to-date operating systems such as Microsoft Windows can assist in providing a general safety net of underlying support, which can help financial services firms meet many regulations and provide the foundation for compliant apps. Persistence with an end-of-life system and failure to update or replace it can leave financial services firms falling foul of these requirements, leading to significant fines from non-compliance or a resulting data breach from a cyber-attack on a known vulnerable system.
The resulting loss of critical data can then have further implications for organisations in terms of inadvertently breaching established supplier agreements and obligations, plus the resulting inefficiencies from extended downtime. In the worst-case scenario, this can ultimately threaten the brand and long-term survival of the business.
With a range of risks that can pose serious challenges, the unique nature of the financial industry can be an additional roadblock to compliance. Strong market competition among financial services firms can lead many in the industry to focus on IT investment to differentiate the business in a crowded sector. While understandably necessary as a tactic to compete, this focus can lead to priorities shifting, resulting in failing to address end-of-life dates early enough.
Like many industries, the financial industry has also been forced to tackle the challenges that have come with its employees working from home due to the Covid-19 pandemic, making it easier for the updating of systems to be put on the backburner and upcoming end-of-life dates to be missed during an extended period of crisis.
Putting end-of-life at front-of-mind
Financial services firms need to identify upcoming end-of-life dates as soon possible, ideally up to three years in advance in many cases. The key from here is ensuring that well-thought through programme is set up and a pathway to compliance is then established, as it's commonly the case that the last 20% of projects to update systems is the trickiest to navigate.
Financial services firms need to view these projects as ones driven by business decisions, not technology. What many need to also remember is that there's no one-size-fits-all approach when it comes to addressing end-of-life. In the case of where a move to a new operating system is needed, some applications can be moved to a more modern platform, but others may struggle due to incompatibility. Tools and expertise can enable firms to determine which apps are likely to successfully make the switch and identify the ones that potentially won't, and help plan for alternative solutions to be implemented to benefit the business.
There may be cases where fully replacing an end-of-life operating system is not viable for the business, potentially due to cost. The expertise and solutions of an external provider can allow the aging system to be protected and updated as best as possible to ensure it continues to meet the technology and regulatory requirements of the business. This means that organisations can avoid the back-to-front approach of investing heavily in completely replacing a system to a new version just so it can provide the same tools as it did before.
Keeping pace with technological change
The pace of technological change means that patches, feature updates and version updates are an almost constant occurrence across industries. What is new today is legacy tomorrow, so it's crucial for financial services firms to monitor their systems and ensure that they're aware of changes in advance of when they happen.
Partnership with the right external expertise can help firms to keep a more comprehensive record of changes that have been made to systems, allowing greater visibility and clarity for regulators, preventing systems from gradually drifting away from their desired state as updates are made. Doing so can also allow firms to have greater clarity of system end-of-life dates, enabling them to remain in control of their compliance with financial regulations and avoid the potential risks of failing to act.