Is legacy tech leaving your bank vulnerable?

By : Andrew Short

November 13, 2018 01:00 PM

When it comes to their technology systems and underlying infrastructure, many banks have traditionally had a very conservative attitude towards replacing or upgrading their solutions. Indeed, in many cases I've seen, major banks are still heavily dependent on technology that may be as much as 20 or even 30 years old.


Although this is an issue that's widely recognized in the industry, actually taking the initiative and upgrading to modern systems is still a long, drawn-out and complex process. Unwinding the code that has been developed over the past two or three decades is almost too daunting of a task.  However, it's an activity that must be prioritized, particularly in a fast-changing environment where requirements are constantly shifting and it will take a partnership between business and technology to begin the process.


Engaging around a common opportunity or threat is sometimes more effective in driving internal collaboration than simply focusing on operational efficiencies that could be gained.  One such threat that everyone can agree on for upgrading legacy technology is: protecting the bank from financial crime such as fraud and money laundering. As criminals become ever-more advanced in their tactics to get around banks' defenses, those without the solutions to counter this will be quickly identified as vulnerable.


Exposure to crime a key worry
recent survey from LexisNexis has revealed that this is a widespread concern among financial crime professionals. The study, which polled those working in the UK retail and investment banking sectors, revealed 92 percent identified their organization's legacy technology as a key barrier to their efforts to fighting crime in the next one to two years.


In particular, a lack of interoperability was named as a major challenge facing the industry. Some 87 percent of respondents said a reliance on disparate systems that are unable to process data effectively is a serious hindrance to their activities.


Another problem is that it can often be difficult and time-consuming to enhance and improve legacy technology solutions in order to cope with evolving attack matrices, which can mean that by the time a bank has adapted its solution in order to deal with one threat, criminals have already moved on to the next. Again, 87 percent of professionals stated their business is not able to enhance its technology fast enough to counter these evolving criminal methods. 


This is unsurprising, as continued reliance on legacy, siloed solutions means that banks will find it difficult to effectively share information between departments, which may each run their own completely independent stack of solutions. As fast, effective analysis of data is the key to identifying much criminal activity, lacking this sharing capability is a serious hindrance.


Closing these vulnerabilities
Given the severe consequences that banks can face if they fall victim to financial crime - both in terms of regulatory action and the damage to their reputation - being able to better combat these issues should be a key driver for banking IT upgrades. If business executives cannot be persuaded to invest by the efficiency or cost savings available, the threats to a banks brand or costly fines may help drive the hard work needed to begin replacing legacy technology.


Dan Curtis, UK managing director at LexisNexis, said: "For those tasked with combatting financial crime, it can feel as if they are fighting 21st century criminals with 20th century tools." He added that the report indicated that financial crime professionals "do not believe the industry is doing enough to leverage the advantages of technology to fight financial crime".


He added that while regulatory bodies such as the UK's Financial Conduct Authority are working to help with the rollout of more up-to-date banking technologies, more needs to be done on the industry side in order to ensure results.

Mr. Curtis said: "Practitioners must adopt a more strategic view of technology to enhance operational effectiveness, as regulation has rapidly evolved in the last 15 years and simply increasing staff numbers is not a sustainable approach."

Andrew Short

Mobile and Payments Solutions Manager – NCR Financial

Other articles by this author

Andrew has 20+ yrs experience in the software industry covering banking, healthcare and the telecommunications verticals. With past positions in finance, accounting, sales, and prod. mngt, he brings significant mobile and payment expertise to his current role.