Less change is more when it comes to keeping IT systems secure, successful and compliant
By Guy Tweedale, regional VP, Rocket Software.
The UK banking industry is changing and we’re starting to see smaller, more local ‘challenger’ banks join forces to take on the big four high street lenders.
This summer’s takeover announcement of Virgin Money by Clydesdale and Yorkshire Banks (CYBG) is an example of this trend and provides a good test case as the new bank promises to champion consumers and ‘challenge the status quo’.
There is a certain amount of scepticism around the deal, but whether you view the move as a ‘challenger revolution’ or the creation of just another faceless bank, any such merger requires careful planning and risk mitigation – especially when it comes to customer-facing technology and operations.
Reputation and customer service are everything to banks and any hiccups, downtime or, worse, security issues – perceived or otherwise – can send valued account holders running to the competition.
What’s in a name?
It’s natural for customers to question their banks when a new merger is announced – will their trusted bank still provide them with the best rates? Will their investments, savings or mortgages still be safe? Will the new, larger bank understand their needs and provide the service – and access – they are used to?
To avoid creating panic and losing customers, the first thing merging banks need to do to keep their accounts safe is nothing. Well, not exactly nothing – but before they start making changes to their brand or integrating their IT systems, banks need a clear action plan to mitigate risk and to assure customers and investors that not only is their money safe, but that the newly merged bank will provide the level and quality of service they expect.
When it comes to branding, banks need to tread carefully. Customers of Clydesdale and Yorkshire Bank, for example, may think that by adopting the Virgin brand, their new bank is ‘going global’. They may feel left behind – especially if they perceive that they are currently working with a more local bank that understands them. Any change in bank cards, account numbers or login details may also make customers feel they are being forced to move to a different bank anyway and could prompt them to consider moving their money elsewhere.
Safety – and security – first!
Branding and names aside, keeping customers’ accounts and data safe is paramount to any merger, and in the highly regulated world of banking this is even more essential. When it comes to keeping sensitive information safe, the less movement of data, the better. Rather than choosing one bank’s IT system over the other, the decision needs to be about maximising business value while minimising risk.
In other words, the CIO needs to assess where merging or changing systems can positively impact the business and mitigate security threats by paying close attention to these areas and leaving the rest alone. For example, little value can be derived from merging or changing underpinning systems such as mainframes – and trying to do so can lead to opening up massive security holes.
Banks can avoid the risks of a mass migration of data and IT systems and still create an easy-to-access and secure customer front-end, post-merger. By using APIs and data virtualisation, merging banks can link mainframes and distributed IT systems, meaning that existing systems can communicate with each other seamlessly. This allows the new, consolidated bank to mix and match data from its various back-end systems as if they were one, to create a personal experience for each customer at any point of contact – mobile, online, via phone or in branch – without compromising security.
Customers are happy with the consistent, tailored experience from the bank and thanks to the APIs, their information remains in place and secure. The bank reduces the risks associated with moving data and merging systems, as well as saving time and money while remaining compliant with regulations.
Leaving a trail
Speaking of compliance, a bank merger can become a minefield when it comes to ensuring compliance with regulations such as GDPR and PSD2. And when it comes to integration and building new systems, automated application lifecycle management (ALM) technology can help to control the development process and ensure it remains compliant and secure.
When developing new applications and technology post-merger, it’s important to make sure you don’t open ‘back door’ holes in the systems. To ensure you never leave customer data unprotected or in breach of regulations, the bank needs to create an audit trail of any changes to applications – and ALM automation can do just that. It automatically tracks and documents every step of the development process, which not only ensures the data stays in the right place, but also helps to avoid errors and keep the process on track, minimising downtime and allowing the bank to maintain an inventory of each new application.
An automated system can detect whether versions have somehow fallen out of sync, allowing action to be taken either to prevent users from accessing the application until the problem is fixed or to roll back quickly to a previous version if required.
Maintaining the status quo
The current merger of Virgin Money and CYBG is unlikely to be the last we see of smaller banks coming together to compete with larger institutions – with each promising the most mobile, customer-friendly banking yet. Whatever stance you take on this latest trend, any bank merger requires due diligence and meticulous planning. From a technology perspective, by keeping things simple and avoiding change for change’s sake, banks can minimise risk, reduce downtime and keep their systems compliant and up and running – all of which are essential to keeping their customers on side and encouraging them to invest in the future.