The European banking sector is under increasing pressure to simultaneously modernize and secure its operations under decreasing budgets. Banks are preparing for regulations like GDPR whilst facing competition from FinTechs and Challenger banks on the back of regulatory changes under Open Banking and PSD2. This fast-paced change might be coming at a cost to the quality and security of the software that runs these banking businesses.
In the wake of Equifax and other monumental breaches of 2017, QA professionals now find themselves in an interesting position. No longer at the helm of risk prevention efforts, the QA role has largely been decentralized as part of the DevOps movement. QA is now part of a largely automated process that includes software development and operations teams, which are more business-focused and agile so that the organization can bring new products to market faster and compete with challenger banks.
So in this agile and automated way of working, who is overseeing structural risks at a system level and ensuring that software risk and security are maintained, without having to embed security experts on every team?
This was the main theme of a recent panel discussion at the QA Financial Forum in London, where I joined executives from Credit Suisse, Bank of America Merrill Lynch and BlackRock to discuss the impact of the DevOps movement on QA, vendor management and software risk and security.
As QA professionals look to stay relevant in the increasingly automated world of software development and delivery, they should look to differentiate their role in three primary ways:
- Measure and mitigate software risk at a system level. It should be a priority of QA to monitor the overall health of mission-critical software, particularly applications that are complex and composed of multiple technologies. There are many companies starting to do this well. For example, Fannie Mae in the US is driving disruptive change by building a system-level software quality gate in their automated DevOps tool chain.
- Help developers write better code through education and building an end-to-end blueprint of the systems. Whilst development teams already use static code analyzers to check software quality at a unit level, QA leads can assess structural health at a system level and build a feedback loop with dev teams to ensure they write better quality software. Blueprinting the end-to-end technology stack will help DevOps teams do better impact assessment.
- Ensure cost efficiency by reducing software maintenance efforts. Many banks are still spending up to 70% of their IT budgets on ‘run the bank’ initiatives. This prevents organizations from investing in ‘change the bank’ initiatives that help them compete with FinTechs. By helping reduce Technical Debt release-by-release, ‘run the bank’ costs will fall as the code base becomes less spaghetti, thereby shortening the time to market for new functionality. With a better understanding of application portfolio performance, QA pros can help guide ADM efforts and keep costs on track.
By facilitating and spreading “Software Intelligence” within the IT organization, QA professionals can elevate their role while supporting better software performance from a cost, resiliency and security perspective.