Battle of the Banks: Legacy vs fintech


Rock, meet hard place

Banks are faced with a software dilemma. Near-constant online outages are becoming a fact of life. Over decades, many have accumulated towers of core legacy applications that are now being pushed to limits they were never designed to hit. Written years ago and intended to serve a different world, this code is an impenetrable mess for the developers maintaining it.

When the slightest change could mean an outage, many banks and their IT teams, faced with a wholesale upgrade, don’t dare interfere with code that works, no matter how old. Reliability is preferred when even the most skilled staff, knowledgeable in a multitude of programming languages past and present, might need days or weeks to fix a fault which, if unfixed, might see heads roll.

Legacy modernization is hence a reality for most banks.

Endless possibilities

By contrast, plucky fintech upstarts such as Wealthfront and Betterment are just the latest examples of firms about to carve out the digital-native customers of stuttering American banks. Wealthfront alone has acquired $1bn in customer deposits in its first six months. If action isn’t taken quickly, legacy banks could fade into history, ultimately leaving customers worse off with less choice.

Unlike banks, which must undergo legacy modernization to be able to offer new services and features, fintechs run on contemporary software: some code written in-house and other code bolted on from open source software (OSS). However, while clunky legacy code may be the issue for legacy banks, the ‘growth first, security second’ mindset might be the chink in the fintechs’ defenses. While OSS is free, easily customisable and reduces time to market, it does open the door to potential security vulnerabilities buried in the code. Both in-house code and OSS need to be analyzed and remediated for potential risks before going into production.

Don’t tell me the odds

All new software presents two immediate problems: putting completely untested code into production and the question of compatibility when migrating data. Fintechs prosper using greenfield applications, lacking the baggage of their larger competition. They benefit from both their own large appetite for risk and that of their early adopter customers with a culture of experimentation and continuous development.

Legacy banks have no such option, with far more data and systems to work with and massive, mainstream audiences expecting flawless performance 24/7. Any new software will need thorough testing beforehand to work out any kinks. Secondly, any integration will involve a connection between the old and new. Integration is key but, like a merger or acquisition, it’s rare for two different systems to work perfectly together. Software architecture needs to be deeply studied and analyzed, refactored and, if needed, reengineered to ensure not only that new apps will work as intended at full capacity, but also that they play nicely with any legacy software.

The never-ending race

So what hope do legacy banks have? How long will it take for them to catch up with fintechs? It’s clear the majority of legacy banks, particularly in markets such as North America, are several years away from reaching parity with the level of digital services fintechs can offer, such as instant payment guarantees.

Legacy banks could partner up with, or buy out, fintech banks and each leverage the other’s strengths. This might have a business case but would present huge software challenges to overcome from a risk perspective. Integrating a fintech with a legacy bank could expose the IT systems involved to even higher than usual levels of cyber and data privacy risks. Undertaking the complex integration process without proper technical due diligence and software intelligence would also affect the fintech’s performance — one of their key selling points.

Digital disruption could possibly leave older banks in a permanent state of catch-up, even though they have their existing rich customer bases and many are seriously undergoing legacy modernization. That is, unless fintechs become the new establishment and ignore the ageing of their greenfield code, inheriting the current problem of today’s legacy banks and allowing upgraded legacy banks to overtake them.

It’s a classic Catch-22. Today’s banking battle is a never-ending race to push out new features, regardless of whether a firm is a legacy bank or plucky fintech: a never-ending balancing act of preventing outages and security vulnerabilities versus legacy modernization. Whatever the bank’s history, whether software is fresh or legacy, in-house or open sourced and about to be integrated with legacy systems, software intelligence (deep insight into the software architecture) is the key. When knowing is winning, the question isn’t your bank’s age, it’s how smartly your code is managed.

Lev Lesokhin EVP, Strategy and Analytics at CAST
Lev spends his time investigating and communicating ways that software analysis and measurement can improve the lives of apps dev professionals. He is always ready to listen to customer feedback and to hear from IT practitioners about their software development and management challenges. Lev helps set market & product strategy for CAST and occasionally writes about his perspective on business technology in this blog and other media.