Financial services IT departments are on high alert after the Independent Banking Commission (IBC) recommended that banks separate their retail and investment operations.
The IBC report is scant on detail but conclusions about its impact on IT are being drawn. As well as individual systems requiring separation, entire IT operations might face restructuring before the recommendations come into force in 2019.
The report into the structure of UK banks followed an interim report in April, and recommended that banks separate their high-street retail operations from the risky investment arms to reduce the risk of future taxpayer-funded bail-outs. Banks would have to put retail operations behind a firewall to separate consumer banking from wholesale and investment operations.
Such a move is seen by many in banking as less harsh than a complete separation, but the IBC report recommends that banks complete the ring fencing by the end of 2019.
The retail operations of UK banks suffered when investment divisions ran into trouble during the 2008 financial crisis. The government is determined to avoid a repeat of the events which affected bank customers and brought TV images of queues of panicked account holders at Northern Rock that came to depict the financial crisis.
Large banks which have retail operations running alongside investment units will be faced with major upheaval between now and the deadline in 2019.
Jean Louis Bravard, director at sourcing broker Burnt-Oak Partners and previously global head of financial services at IT service provider EDS, said there will be a lot of work required to ring-fence retail operations effectively.
"A lot of the systems were built in the 1960s and 1970s using Cobol and bells and whistles have been added later. The people that built them have either died or retired," he said.
Bravard said that many of the systems were not properly documented: "How do you undo the puzzle without the manual?" In the 1990s the internet arrived and different legacy systems were increasingly integrated which has added further complexity.
David Sherriff, CEO at banking system supplier Microgen, said the size and complexity of systems will mean IT departments will have their work cut out: "2019 seems a long time away but if you look at the complexity of these systems and their scale it will take a considerable period of time."
Sherriff said the report also highlights the need for banking operations to be structured in a way that ensures service continues for a retail bank even if another part of the company collapses. This will also apply to IT operations.
The IBC report expects that banks will have to spend between £4bn and £7bn to complete the separation.
Kosta Peric, head of innovation at Swift, the shared service for bank payments, said there will be operational implications but it's too early to say what they are.
"From the Swift perspective for example, we know that both the retail and investment arms of banks connect to Swift, usually through a single back-office operational system for obvious efficiency reasons. It is not clear at the moment whether the ring fencing will mandate actual separation of these operational systems. This is one example but there are most probably other operational systems that will be subject to the same questions," he said.
The IBC recommended that the "wider corporate group should be required to put in place agreements to ensure that the ring-fenced bank has continuous access to all of the operations, staff, data and services required to continue its activities, irrespective of the financial health of the rest of the group."
It also recommends that retail banks ensure continuous access to payments systems: "The ring-fenced bank should either be a direct member of all the payments systems that it uses or should use another ring-fenced bank as an agent."
To achieve these operational rules banks would have choices including creating a subsidiary to house IT operations, which would be separate from the group, or they could have their own IT infrastructure.
The report also suggests a potential role for outsourcing, whereby a retail bank could have its own agreement with a supplier to ensure service continuity even if the rest of the bank failed.
"All of the relevant infrastructure could be supplied independently of the ring-fenced bank - either from a third party, or from the rest of the group, with appropriate service level agreements in place," it said.
John Worthy, technology partner at law firm Field Fisher Waterhouse, said the proposed ring-fencing would significantly affect the way banks manage their major IT systems and their outsourcing deals.
"This will force a costly U-turn since international banks have been striving to link up their systems more fully, in order to save cost and clarify their overall risk profile. While the banks will be keen not to lose the benefits of risk transparency, the new regime may force them to split some of the links across their IT systems and outsourcing deals down the middle, causing extra cost and disruption," he said.
"As so often, the devil will be in the detail. However, banks will fight hard to avoid having to create mirror systems, in view of the set-up and ongoing expense of doing so and the increased regulatory burden."
Worthy said that in any procurement of new systems and outsourcing deals over the next few years, banks would need to look at how the ring-fencing could be implemented if required or risk major restructuring later.
"This could add to the cost and complexity of the deals from now on, since the technical design and contractual frameworks will need to allow for a separation in future if the ring-fencing requirement is brought in," he said.
Analyst IDC said there could be disruption to IT spending in the short term. "It is far too early to know the full impact of these recommendations, but a possible immediate impact will be to muddy the waters by creating uncertainty and thus possibly disrupt and curtail IT investments in the short term," said the firm in a research note.
IDC recommends bank CIOs must consider how the IBC report could affect them. It says the report will increase interest in reporting, business intelligence and analytics technologies with IT resources diverted away from existing projects.
"But it could create the opportunity for new IT innovation, especially among new entrants, to deliver improved banking services/products, and it will drive increase interest among banks in alternative delivery models for IT - in particular around cloud computing and the whole hosting debate in the UK," said IDC.
But James Martin, former IT COO Europe at Lehman Brothers, played down the impact on banks' IT operations. He said the changes are geared towards ensuring banks do not channel money from retail operations into investment units. He said there are lots of systems shared by different operations within banks but these are usually things like HR and payroll systems. "Data networks and infrastructures are shared but they do not involve money moving between bank divisions so I am not sure they will have to be separated," he said.
"The main thing they want to achieve is to stop money being syphoned out of the retail businesses."
But Microgen's Sherriff said the fact that different parts of banks share corporate systems means they may need to be separated: "There are a lot of shared services at group level but retail banks will have to be able to report as their own legal entity."
He said technology such as reporting and ERP systems might have to be separated.
Tony Virdi, vice-president of banking and financial services at service provider Cognizant, said ring-fencing will present major technological and process challenges following efficiency drives at banks in recent years,
"To complete these structural reforms by 2019, banks will face some big challenges from an operational and infrastructure perspective. IT, including vital, large banking and payment systems, will have to be restructured and/or re-engineered and banks will need to leverage business and IT processes that they may no longer be sufficiently familiar with," he said.
Virdi added that as a result of outsourcing and cost cutting banks will need to recruit the right skills to be able to complete the changes: "They will certainly need major technology and domain support to effect such significant changes.
All the changes are being recommended to protect retail operations in the event of a failure in the banking sector similar to that in 2008. But IT industry body Intellect said the report fails to address the problem that banks might not be able to avoid another collapse unless they can better collate and analyse information about their business.
Intellect has called on the government to investigate how the banks could avoid the problems of 2008 through better use of data.
Keith Saxton, chairman of Intellect's Financial Services Programme, said even when the ICB plans are implemented there would still be a risk of another financial crisis could be upon us and both the banks and regulators would be none the wiser until it was too late to act to avoid it.
"A ring fence would protect the economically critical processes that banks house, but if the investment banking arm of a universal bank fails, the negative consequences on the wider economy will still be significant. It is another missed opportunity for both the regulators and banks themselves to improve the markets infrastructure," he said.
"Transparency is the only way to bring back market safety and stability, and this depends on banks being able to identify and manage risk on their balance sheets, and regulators being able to track and measure risk within the system as a whole. The ICB reforms do not adequately address these basic requirements."
Some banks are built on technology that is up to 50 years old. Replacing these legacy systems is not easy and banks have been avoiding it for years. The IBC report might stimulate the banking sector into action.