Is the PRA dream of ripping and replacing banking IT feasible?

The head of UK financial services regulator the Prudential Regulation Authority (PRA) said it would be bold for banks to strip down and rebuild IT, but is this just a pipe dream?

The head of UK financial services regulator the Prudential Regulation Authority (PRA) says it would be bold for banks to strip down and rebuild IT, but is this just a pipe dream?

PRA CEO Andrew Bailey spoke recently of the utopian ideal of banks stripping down legacy IT infrastructures and rebuilding them, so they are fit for purpose.

Following numerous high-profile IT failures at banks, the regulators have launched investigations. The findings of these probes, including one into RBS’s major IT crash in 2012, are yet to be fully published.

The glitch in the RBS CA7 batch process scheduler ended with 12 million customer accounts being frozen. Customers could not access their funds for a week or more as RBS, NatWest and the Ulster Bank updated account balances manually.

Bailey told national newspaper The Independent that banks rebuilding IT from scratch would be better than the banks' current practice of integrating middleware with legacy systems when they require new services.

“What would be a very bold thing to do is stripping the machine down and rebuilding it instead of bolting bits together in complex fashions so you end up with a very complex architecture,” he said.

New competitors

Unless banks can fix their IT problems, new competitors could enter the retail banking space. Such organisations will not be handicapped by 40-year-old legacy systems. In fact, many potential banking newcomers, such as Google and Facebook, have IT at the core of their business proposition already, something that regulators are realising the banks need.

But how feasible is it for banks to actually do what Bailey describes as “bold”?

One senior IT source in the UK finance sector said: “It would be technically difficult, uneconomic and highly risky to try to start again and build systems from the ground up for the existing banks. The big old mainframe systems are core to what most retail banks do and they have worked well for decades.”

But he said there will be threats to banks from competitors that are more nimble and state-of-the-art in IT terms. “The new brands getting into financial services can indeed build from scratch using latest technologies and architectural trends,” he said. “I am expecting Facebank, Googlebank, Amazonbank, Ebaybank, PayPalbank and Wongabank to emerge soon, just picking on a few examples.”

The IT source said there is an ongoing process of banks decommissioning and replacing systems to reduce maintenance costs and simplify their estates. “It costs quite a lot to get rid of a system because you can't just ignore it; it's more like demolishing a building without damaging the buildings (systems) next door.”

He said it is difficult for IT departments to make a business case for deleting a system when the break-even against maintenance cost savings is years away. “You can imagine what the reaction is in these cost-pressured times. Tough sell,” he added. 

The source, who wanted to remain anonymous, said the sheer size of the banks and their global interconnectivity means there is a highly complex IT infrastructure underpinning their operations. “When you operate in 50 countries, you may have 50 flavours of a system to cope with local laws, regulations and languages,” he said. “Multiply that by a few thousand systems per bank and then by the number of banks. Simplification on an industry scale may need close collaboration between firms, governments and regulators, which is unlikely to happen unless it is forced upon them.”

The source added that mainframe systems are still doing the job. They were written in an era “when quality was genuine, not just aspirational”, he said. Mainframe environments tend to be better managed and controlled than other platforms, the source added.

Splitting the systems

Jean Louis Bravard, former global CIO at JP Morgan and senior adviser in the IT services sector, said banks could start by splitting core banking systems and payment systems. “In both cases, the challenge is that you cannot stop the machine, and building new solutions will cost huge sums of money,” he said. “Typically, banks have neither the time nor the budget to build/replace, so they maintain what is increasingly unmaintainable and the regulator has so far never been capable of crying wolf.”

Bravard cited Santander’s Partenon system as an example of how to replace core banking systems. The Spanish banking giant has acquired numerous other banks and moved them onto its in-house core banking system.

“But that has been painful and I seem to believe that moving that into the UK is not easy,” he said.  

Bravard said there are off-the-shelf core banking systems, but they have limits and could introduce further risks. “Each bank is so different that the package would only be a start-up kit and any later deployment would annihilate the value of a 'package' while incorporating risk from any supplier,” he said.  

“Using third-party suppliers may be a strategy, but the cost would be enormous and would feed consultants for years without providing any value in a reasonable timeframe.”

He said payment systems, which are at the root of banking, can be re-engineered and modernised to cut costs dramatically. “My experience in the case of Fin-Force is that we cut the unit cost 90% in three years and got a truly modern 'engine',” he said.

“If I were the CEO of a bank, I would fund a large multi-year project of modular re-engineering led by a proven big programme manager. The budget would be in hundreds of millions of pounds, but the target would be cost neutral within five years.” The project manager and key staff compensation would be linked to results, he added.

Very risky game

Alex Kwiatkowski, head of IDC Financial Insights in Europe, said the integration of legacy systems makes replacement seem like a very risky game of Kerplunk.

“Once again, a regulator helpfully proposes something which, in reality, is near impossible due to the complexity,” he says. “Although, in an ideal world, stripping the machine down and rebuilding it would be great, the sheer scale dictates that this is unlikely to happen.”

Kwiatkowski said there are two potential approaches: banks could shift everything to the cloud, removing the reliance on premise-based hardware and software; or build new banking IT architectures in parallel with existing legacy.

“Fully test to ensure everything works correctly, and then perform a switchover, with a priest on standby to pray that it works,” he said.

Kwiatkowski does not think the option of moving everything to the cloud while rebuilding is likely at the moment. “Not because the cloud is not capable, because it is, but due to cultural opposition among the IT fraternity, especially in the bigger institutions, to relinquishing full control of core systems.”

Option two, building new platforms one by one, is more achievable, he said, but with budgets of billions rather than millions. “Luckily – or unluckily, depending whether you're the guy who has to write the cheque – the strategy of doing nothing has a limited shelf life, and so banks cannot hide behind the 'it costs too much' argument for much longer.”

Kwiatkowski said banks will have to spend heavily for up to five years or risk more failures that will be damaging because they will be picked up by customers, regulators, politicians, media and investors.

Read more on IT legislation and regulation