Rock, meet hard place
Banks are faced with a software dilemma. Near-constant online outages are becoming a fact of life. Over decades many have accumulated towers of core legacy applications which are now being pushed to their limits they were never designed to hit. Written years ago and intended to serve a different world, this code is an impenetrable mess for the developers maintaining it.
When the slightest change could mean an outage and faced with a wholesale upgrade, many banks and their IT teams don’t dare interfere with code that works, no matter how old. Reliability is preferred when even the most skilled staff, knowledgeable in a multitude of programming languages past and present, might need days or weeks to fix a fault which, if unfixed, might see heads roll.
Legacy modernization is hence a reality for most banks.
By contrast, plucky fintech upstarts such as Wealthfront and Betterment are just the latest examples about to carve out the digital-native customers of stuttering American banks. Wealthfront alone has acquired $1bn in customer deposits in its first six months. If action isn’t taken quickly, legacy banks could fade into history, ultimately leaving customers worse off with less choice.
Unlike banks undergoing legacy modernization, to be able to offer new services and features, fintechs run on contemporary software, some code written in-house and other code bolted on from open source software (OSS). However, while clunky legacy code may be the issue for legacy banks, the ‘growth first, security second’ mindset might be the chink in the fintechs’ defenses. While OSS is free, easily-customisable and reduces time to market, it does open the door to potential security vulnerabilities buried in the code. Both in-house code and OSS need to be analyzed and remediated for potential risks before going into production.
Don’t tell me the odds
All new software presents two immediate problems: putting completely untested code into production and the question of compatibility when migrating data. Fintechs prosper using greenfield applications, lacking the baggage of their larger competition. They benefit from both their own large appetite for risk and that of their early adopter customers with a culture of experimentation and continuous development.
Legacy banks have no such option with far more data and systems to work with and massive, mainstream audiences expecting flawless performance 24/7. Any new software will need thorough testing beforehand to work out any kinks. Secondly, any integration will involve a connection between the old and new. Integration is key but, like a merger or acquisition, it’s rare for two different systems to work perfectly together. Software architecture needs to deeply studied and analyzed, refactored and if needed reengineered to ensure not only will new apps work as intended at full capacity, but also they play nice with any legacy software.
The never-ending race
So what hope do legacy banks have, how long will it take for them to catch up with fintechs? It’s clear the majority of legacy banks, particularly in markets such as North America, are several years away from reaching parity with the level of digital services fintechs can offer such as instant payment guarantees.
Legacy banks could partner up with, or buy out, fintech banks and each leverage the other’s strengths. This might have a business case but would present huge software challenges to overcome from a risk perspective. Integrating a fintech with a legacy bank could expose the IT systems involved to even higher than usual levels of cyber and data privacy risks. Undertaking the complex integration process without proper technical due diligence and software intelligence would also affect the fintech’s performance — one of their key selling points.
Digital disruption could possibly leave older banks in a permanent state of catch-up even though they have their existing rich customer bases and many are seriously undergoing legacy modernization . That is unless fintechs become the new establishment and ignore their greenfield code ageing, inheriting the current problem of today’s legacy banks and allowing upgraded legacy banks to overtake.
It’s a classic Catch-22. Today’s banking battle is a never-ending race to push out new features regardless of whether a firm is a legacy bank or plucky fintech. A never-ending balancing act of preventing outages and security vulnerabilities versus legacy modernization. Whatever the bank’s history, whether software is fresh or legacy in-house or open sourced and about to be integrated with legacy systems, software intelligence aka deep insights into the software architecture is the key. When knowing is winning, the question isn’t your bank’s age, it’s how smartly your code is managed.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M & A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the targetâ€™s systems, customized quality metrics, and liability implications of open source components - all three that are critical for an M&A due diligence.