A recent study revealed that banks' intricate technology infrastructures not only cost them inordinate amounts of money to maintain, but also put their compliance programs at a disadvantage.
The Cost of Complexity Survey 2005, sponsored by London-based application portfolio management provider HAL Knowledge Solutions and conducted by Loudhouse Research, also of London, concluded that banks must have a clear view of their legacy code if they wish to implement effective IT governance programs. Due to the fact that the actual IT systems are so complicated today, technology professionals at financial institutions do not have the necessary transparency to audit and control them properly.
"As auditing and compliance increase in organizations, your need to understand what you have increases," says Billy Hamilton-Stent, director of Loudhouse Research. "We tell banks there are a triumvirate of issues coming their way, and if they do not have all their ducks in a row, they cannot properly tackle the problem."
This trio consists of compliance, governance and outsourcing, issues Hamilton-Stent describes as "distinct yet interdependent."
Compliance is an important area. The challenges here revolve around visibility, he says. "The IT department needs to better understand the infrastructure it manages. If it doesn't have the right tools to do this, then any auditing of this system will be inaccurate."
The key areas here are with Basel II and SOX. Hamilton-Stent says that although not all the institutions in the survey had a SOX requirement (many were solely European banks), of those that did, 60 percent were either pursuing or achieving SOX compliance.
The second challenge, governance, is especially daunting for IT departments. Seventy percent of those in the survey had a governance group in place. According to Hamilton-Stent, this is vital to their building discipline to help ensure that IT supports business goals properly. "There is a massive accountability requirement on IT that they didn't have 10 years ago," he says.
The final issue, outsourcing, is also universal. All the companies polled in the survey had some form of application outsourcing. Outsourcing is a given in most large financial institutions today. The problem is, as soon as they take things outside their control, problems can occur if they do not have good visibility of the systems in the first place. "You won't be aware if you're getting good, bad or indifferent service if you don't know what you have," he says.
Hamilton-Stent admits it takes much in the way of investing time and money to attain a proper level of transparency and auditability. However, it will be well worth it in the long term.
"You need to prioritize what parts of your IT infrastructure need to be looked at and just take it one step at a time," he says. "You have to make sure you have demonstrable ROI in this. What you'll be doing is reducing the amount of investment you will need to spend on compliance in the long run."
In order to gain true visibility, Hamilton-Stent says banks need to examine this IT infrastructure down to the actual code. "Most banks won't do this unless there's an error," he explains. "But this leads to the ultimate efficiency."
Other findings of the study include:
On the net: