By Steven Murray, solutions director, Compuware

The financial services sector has been subjected to significant technological change over the years. From the introduction of ATMs and mainframes in the 1960s, to internet and mobile banking in the new millennium, banks have ridden the waves of innovation to enhance their services. However, the digital transformation that the banks have been going through more recently is about to intensify to a whole new level, when the Payment Services Directive II (PSD2) comes into force in January 2018.

Under PSD2, European banks will be required to support open banking by providing third-party access to customer account and payment information. This will offer a greater level of innovation, convenience and transparency for consumers; enabling merchants to process payments directly and empowering customers to access multiple bank accounts from a single interface. As a result, banks need to be more integrated with the wider digital and Fintech economy, with the ability to share customer data quickly and securely through APIs (application programming interfaces). This will put them under greater pressure than ever to modernise IT processes and systems to meet the compliance deadline.

The stalwart at the heart of the bank

Chief amongst the systems that needs modernisation is the mainframe, which has sat at the centre of the bank for over 50 years, powering its transactions and underpinning its services since the day it was installed. Today, the mainframe remains the most secure, reliable and scalable platform around, which makes it the perfect engine for supporting the transformation that PSD2 requires. However, a reliance on legacy developer tools, cultures and techniques in the mainframe environment is obstructing banks’ ability to deliver innovation quickly enough to keep up with the changes being ushered in by PSD2. 

Ultimately, banks can only move as fast as their slowest platform, so they can no longer afford to neglect such an important IT asset that contains such a rich source of company IP. Many believe that the only solution is to undertake risky, lengthy and expensive projects to move their so-called legacy applications off the mainframe. However, there is a much simpler option:  banks must look at how they can bring the mainframe into the fold of mainstream IT. Doing so means it can then provide the same speed and agility as newer digital technologies, whilst enriching them with the deep-seated history and organisational DNA that lies within it. There are three key steps that banks must complete in order to do so:

• Step one: Give it a spring clean – The first step is to modernise the development environment so that even non-mainframe experts can create and update core banking applications quickly and without error. Providing a more intuitive toolset that closely resembles those they use on other platforms will significantly increase the mainframe’s usability for modern developers that are building out the ecosystem needed to achieve PSD2 compliance.  It is also crucial that the mainframe be fully integrated into modern IT departmental processes, such as DevOps, so it can run at the same speed as the wider digital ecosystem rather than sitting in an isolated slow lane.
• Step two: Improve your visibility – The sheer volume of transactions being processed through the mainframe will rocket with all the additional requests coming through the banks’ APIs. As a result, banks will not only need to support the explosion in transactions, but also ensure that service levels are maintained for third-parties. They need the ability to say with confidence that they are not at fault if any issues arise in the third-party financial services using their APIs. However, whilst most banks will lean heavily on the mainframe to process open banking transactions, the complexity of these systems has historically made it difficult to monitor its performance. As such, it will be almost impossible to identify the cause of any problems that arise with complete confidence, leaving banks open to taking the blame. They therefore need to extend their performance monitoring capabilities to encompass the mainframe now more than ever.
• Step three: Strengthen auditing processes – Given that PDS2 will provide open access to sensitive payments and account information to authorised third-parties, banks need sufficient auditing processes in place to ensure they are conducting due diligence and safeguarding data as it moves between systems. They will need to maintain a record of how and where customer data is being used, which APIs are requesting it and for what purposes it is being called upon, so that they can provide a full record of data use and access if required. However, a recent global survey of CIOs revealed that this level of insight into the mainframe is currently a “blind-spot” for 84% of organisations. Given that the majority of the data for open banking resides on the mainframe, banks urgently need to eliminate that blind-spot. That can best be achieved by capturing complete, start-to-finish mainframe session activity data in real time, and integrating it into a SIEM platform such as Splunk for deep analysis. 

PSD2 will create significant challenges for banks, but many are already taking the steps required to make it a success. Instead of seeing the legislation as a threat, those that are ahead of the game see it as an opportunity to embrace change for the benefit of customers, in the same vein as the adoption of ATMs and mobile banking. However, for this revolution to be successful, it is crucial that banks continue to ride the waves of innovation and push for the supportive cultural, process and tool changes to happen sooner rather than later. After all, it is not the strongest that survives, but those that are best able to adapt and adjust to the changing environment.