By Peter Duffy, CTO, Sumerian
A series of high-profile IT failures in 2015 highlighted that many UK banks are still challenged by ageing IT systems and a culture of adopting a reactive rather than proactive approach to IT service management.
As Andrew Tyrie, chairman of the Treasure Select Committee, put it, “they don’t appear to be up to the job”. Now, with regulation poised to splinter their IT estates, it’s never been more important for banks to ensure robust risk and service management practices and end user performance.
The consequences of a bank outage were laid bare last year when Lloyds Banking Group was hit by payment problems; a server failure meant customers were unable to use their debit cards for almost four hours. RBS on the other hand suffered for weeks as the result of its legacy IT system, with some customers unable to properly access their accounts long after the initial IT failure had happened. With the shadow of the global financial crisis still cast over the economy, people will not be quick to exonerate banks for their IT blunders.
Regulatory changes are poised to compound this issue even further as banks become required to separate complex shared IT systems, many dating back to the 1960s and 1970s. This so called ‘Ring-fencing’ will force banks to divide their retail banking operations from their investment banking and overseas operations.
This creates a huge IT challenge for financial sector CIOs, who need to identify exactly what they have running and where, in order to separate their IT systems with minimum impact to their day-to-day business operations.
Also, the legislation requires ring-fenced banks to provide a real-time picture and monitor payment exposure on all accounts. This in itself creates a major IT headache. Banks have traditionally relied on overnight statements from their foreign bank providers for their accounting, and integrating that kind of information on the same day (as regulation stipulates) will profoundly test current banking systems. Although banks have until January 2019 to fully comply with the requirements, many will struggle should they choose to stay within the confines of their legacy IT infrastructure.
Fortunately, while the regulation undoubtedly creates significant pressures for the IT department, ring-fencing also provides a great opportunity to improve IT efficiency and clearly see when updates or performance issues need to be addressed. This is where capacity planning and predictive analytics is coming into its own, providing the tools for CIOs to get an accurate picture of their IT estates and to assure service performance and meet future business demands.
However, despite the obvious benefits of automated capacity planning, a survey we conducted last year at Sumerian, found that just under 50% of businesses still rely on spreadsheets and manual effort to perform capacity planning. Having a manual and unstructured approach to IT capacity planning can leave a company vulnerable to outages, through a lack of accurate understanding of its present and future capacity.
Managing an estate of this volume and scope in an outdated or manual fashion puts an intense strain on a company’s IT department – consider a modest estate of 10,000 servers. In order to maintain an estate of this magnitude you would need to collect system log information from each server at typically 5 minute intervals. That amounts to almost 2.9 million data points a day, all of which needs to be plotted and trended over a 30 day period to forecast potential future issues, especially in the financial services market where IT estates are incredibly large and complex.
Another factor is that there are a wider range of platforms to be considered by banks when it comes to capacity planning, compared to companies in other sectors, where environments are typically more standardized with a smaller set of platforms.
In such complex operating environments, where demand for different services can be volatile and high levels of change are a way of life, maintaining an accurate handle on capacity headroom and potential issues is a real challenge.
If a disk fills up on a database server and can no longer process transactions, the repercussions can be substantial. The common reaction is to throw money at the issue, adding resources, and turning to things like additional storage and virtualization to solve the problem.
This can offer a quick fix, but using new technologies like predictive capacity analytics can help banks make smarter decisions, and address any potential IT issues ahead of time – well before they impact service performance and customer perception.
With Andrew Bailey now heading up the Financial Conduct Authority, the regulator has adopted a vigilant and forward-looking IT modernizing ethos, voicing pragmatic concerns about banks and, above all, framing them in terms of honouring consumers’ expectations. As former head of the PRA, he has not shied away from heftily fining banks for failing to put in place resilient IT systems following IT failures in 2012. With these failures now becoming a regular occurrence, government reprimands and disincentives may steer banks the right way. However, banks should not hold out for regulatory nudges – instead they should get on the front foot and take proactive action.