Colin Dean is account manager EMEA insurance and financial services of Hyland, creator of OnBase. www.onbase.com
Institutions have made significant efforts to update their technology infrastructure since the financial crisis, often to save costs and modernise ways of working. These investments should have provided smoother and more thorough engagements with regulators, but instead, many companies face audit nightmares because of the legacy systems left in the shadows.
Banks, in particular, face significant pressure when it comes to implementing new IT systems. Because the change process is difficult and there have been high profile failures managing change in customer-facing systems – infrastructure has generally been updated on a piecemeal basis, according to need. This left most banks with a combination of new and legacy systems, with many of the latter not fully integrated into the wider structure.
Some of these legacy systems are well past their sell-by-date. Yet they remain in place, either because the change is perceived as difficult and expensive, or because they are not deemed a priority area at a time when the emphasis remains on reducing costs, rather than investing. For example, at least one major UK bank still uses paper forms to record processes in one of its departments. Of course, since non-digitised information is next to useless, that data is manually entered into a core system or even worse, spreadsheets, for use elsewhere in the organisation.
Not only is this painfully inefficient, it also poses a serious security risk around data that exists in a format that could easily be copied onto a USB – even assuming it cannot be emailed to external recipients.
With a system such as this, there is also the question of how long it takes before updated versions of the data become available to managers and executives – if ever it does become available in a meaningful way that can easily be analysed in the context of other departments and risk factors. The oldest of the legacy IT systems have become shadow technology – information silos that cannot easily be audited or assessed.
The impact of this approach can be strategically significant, as opportunities are missed due to uncertainty and misinformation, and will seriously hamper an organisation’s ability to respond decisively and clearly to systemic threats or requests from the regulator. Unfortunately, the future does not look like a period of stability, where IT systems can be brought together as legacy applications are phased out. Costs, in particular, continue to be a concern for many financial services firms.
Nevertheless, the industry must tackle this challenge and move towards a credible audit trail and single version of the truth that can allow executives, risk managers and, where necessary, regulators, to view the full workings of an organisation, accurately and in real time.
This approach could bring significant advantages in terms of efficiency, management overview and potentially in the increasingly important area of data analysis. At the same time, the cost of bringing these shadow systems into the light can be kept to a minimum, by harnessing an enterprise information platform. This platform is commonly used as an information hub to not only tie disparate systems together within a large organisation, but it can also be used to directly create alternatives to the most out-of-date systems, such as those still relying on paper forms.
Such enterprise information strategies, which can be implemented with little disruption to an organisation and work alongside existing IT systems rather than replacing them, make access to all data possible from a single point that is secure and up-to-date. At the same time, strict access management ensures that only individuals with suitable need, clearance and seniority within a company can access or change data. This stringent permission enforcement is at the core of any credible information platform, allowing a business to control where each document is accessed from and sent to.
Once a single version of the facts – the truth about the company and its activities – is created, managers can concentrate on navigating the current market and regulatory environments, while the enterprise information system is configured to ensure risk and regulatory compliance are automatically built into every step of processes across all departments. Should an issue arise, the relevant documents and their trail are available immediately.
Information silos created by out-of-date systems in the less prioritised departments within financial institutions are like icebergs in a sea that have supposedly been declared safe by the tightening of regulations in recent years. It is only a matter of time before one causes a disaster. In order to avoid shipwrecks, executives and regulators at the helm of the financial system must have access to a single, credible set of data with no blind spots in it: One version of the truth about every department, which will help create greater resilience, which reducing risk.