Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites.
Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. For avoidance of any doubts and to make it easier, you may consider any links to external websites as sponsored links. Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.


By Steven Murray, solutions director, Compuware

The financial services sector has been subjected to significant technological change over the years. From the introduction of ATMs and mainframes in the 1960s, to internet and mobile banking in the new millennium, banks have ridden the waves of innovation to enhance their services. However, the digital transformation that the banks have been going through more recently is about to intensify to a whole new level, when the Payment Services Directive II (PSD2) comes into force in January 2018.

Under PSD2, European banks will be required to support open banking by providing third-party access to customer account and payment information. This will offer a greater level of innovation, convenience and transparency for consumers; enabling merchants to process payments directly and empowering customers to access multiple bank accounts from a single interface. As a result, banks need to be more integrated with the wider digital and Fintech economy, with the ability to share customer data quickly and securely through APIs (application programming interfaces). This will put them under greater pressure than ever to modernise IT processes and systems to meet the compliance deadline.

The stalwart at the heart of the bank

Chief amongst the systems that needs modernisation is the mainframe, which has sat at the centre of the bank for over 50 years, powering its transactions and underpinning its services since the day it was installed. Today, the mainframe remains the most secure, reliable and scalable platform around, which makes it the perfect engine for supporting the transformation that PSD2 requires. However, a reliance on legacy developer tools, cultures and techniques in the mainframe environment is obstructing banks’ ability to deliver innovation quickly enough to keep up with the changes being ushered in by PSD2. 

Ultimately, banks can only move as fast as their slowest platform, so they can no longer afford to neglect such an important IT asset that contains such a rich source of company IP. Many believe that the only solution is to undertake risky, lengthy and expensive projects to move their so-called legacy applications off the mainframe. However, there is a much simpler option:  banks must look at how they can bring the mainframe into the fold of mainstream IT. Doing so means it can then provide the same speed and agility as newer digital technologies, whilst enriching them with the deep-seated history and organisational DNA that lies within it. There are three key steps that banks must complete in order to do so:

  • Step one: Give it a spring clean – The first step is to modernise the development environment so that even non-mainframe experts can create and update core banking applications quickly and without error. Providing a more intuitive toolset that closely resembles those they use on other platforms will significantly increase the mainframe’s usability for modern developers that are building out the ecosystem needed to achieve PSD2 compliance.  It is also crucial that the mainframe be fully integrated into modern IT departmental processes, such as DevOps, so it can run at the same speed as the wider digital ecosystem rather than sitting in an isolated slow lane.
  • Step two: Improve your visibility – The sheer volume of transactions being processed through the mainframe will rocket with all the additional requests coming through the banks’ APIs. As a result, banks will not only need to support the explosion in transactions, but also ensure that service levels are maintained for third-parties. They need the ability to say with confidence that they are not at fault if any issues arise in the third-party financial services using their APIs. However, whilst most banks will lean heavily on the mainframe to process open banking transactions, the complexity of these systems has historically made it difficult to monitor its performance. As such, it will be almost impossible to identify the cause of any problems that arise with complete confidence, leaving banks open to taking the blame. They therefore need to extend their performance monitoring capabilities to encompass the mainframe now more than ever.
  • Step three: Strengthen auditing processes – Given that PDS2 will provide open access to sensitive payments and account information to authorised third-parties, banks need sufficient auditing processes in place to ensure they are conducting due diligence and safeguarding data as it moves between systems. They will need to maintain a record of how and where customer data is being used, which APIs are requesting it and for what purposes it is being called upon, so that they can provide a full record of data use and access if required. However, a recent global survey of CIOs revealed that this level of insight into the mainframe is currently a “blind-spot” for 84% of organisations. Given that the majority of the data for open banking resides on the mainframe, banks urgently need to eliminate that blind-spot. That can best be achieved by capturing complete, start-to-finish mainframe session activity data in real time, and integrating it into a SIEM platform such as Splunk for deep analysis. 

PSD2 will create significant challenges for banks, but many are already taking the steps required to make it a success. Instead of seeing the legislation as a threat, those that are ahead of the game see it as an opportunity to embrace change for the benefit of customers, in the same vein as the adoption of ATMs and mobile banking. However, for this revolution to be successful, it is crucial that banks continue to ride the waves of innovation and push for the supportive cultural, process and tool changes to happen sooner rather than later. After all, it is not the strongest that survives, but those that are best able to adapt and adjust to the changing environment.