News

03:34 PM
Connect Directly
RSS
E-Mail
50%
50%

Profitability and Risk Driving IT Architecture Shift, Say Capco and HP

Banks' batch-driven IT architectures aren't ready to handle the real-time needs of the industry.

Banks' batch-driven IT architectures aren't ready to handle the real-time needs of the industry, according to Stanley Young, a partner at Capco (New York). Given the increased data demands by customers, internal users and regulators alike, many financial institutions are taking a hard look at what it would take to transform to real-time systems.

In fact, banks that stand still may face a revenue decline from their increasingly fickle customers. "Banks' profitability will be affected as transaction charges come under pressure in the future," says Young. "They're going to look for better ways of adding value to what they do for their clients."

For corporations, that boils down to real-time information. "Treasurers want to know instantly -- almost intra-day -- what their position is," says Young. "They want access to real-time data, almost transaction by transaction."

Not only that, corporate treasurers and CFOs want analysis based upon that real-time data, designed to answer important questions affecting their ultimate financial performance: "If they have a 'fail' [failed transaction] or a late invoice or late payment in one part of the world, what does that do to their liquidity position? How does that affect their foreign exchange exposure?" asks Young.

It's not just customer demand driving the need for real-time systems. There are also substantial computational requirements associated with risk management, fraud detection and anti-money laundering. "When you talk to the really sharp banks about this, they use multiple methodologies," says Lawrence Ryan, director at the financial services industry practice of HP (Palo Alto, Calif.), which has partnered with Capco in the financial services industry. "Especially when you get into areas like neural networks and pattern-matching, those things are hugely processor-intensive."

But despite the customer demand and risk management needs, most financial institutions aren't ready to handle real-time information. That's due to a dependence on mainframe systems and overnight batch processes. "The banking model is very much, at the moment, a batch process," says Young. "They're running reports on a monthly basis."

Adds Young, "That model has got to change."

However, transforming the operational model from batch-processing to real-time systems requires a substantial shift in IT architecture. It's not that the banks can't receive transaction information quickly enough through the Internet, SWIFTNet, or other inter-bank networks, but rather that they cannot instantly act upon such real-time information. "The pipes are there now -- it's not a network bandwidth issue," says Young.

Instead, the bottleneck has shifted to the processing side. "What happens when that transaction gets within the four walls of a bank?" asks Young. "It goes into a humongous database and then sits there."

The common response? Build another humongous database. "Some of the banks are creating data warehouses so that they can manipulate and manage that data, but it's still not real-time," says Young.

"Given the pressure that banks are under in terms of transaction costs, the ability to aggregate data, create business intelligence out of that data and get it back out to clients is going to be extremely important in how they compete in the future," says Young. "With that in mind, they've got to have the processing power to do those kinds of things."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This is a secure windows pc.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.