Operational Resilience and Innovation: UK Financial Services
The direction of the UK’s financial services sector has always been driven by ever-evolving consumer needs. Delivering an efficient, secure and functional user experience should be the primary driver for any financial services firm’s strategy – especially when it comes to technology. This means technology leaders in the financial services sector are up against the need to innovate at an incredulously fast pace, whilst ensuring compliance with a myriad of regulations. Balancing these challenges isn’t simple – innovation often takes a back seat to core operational performance. Even then, sometimes systems stutter, wobble and crash – which can be catastrophic when it comes to an area as sensitive as finance.
In the last two years, there has been several well-publicised IT failures in the sector. Some firms have had catastrophic system failures resulting in customers being rendered unable to access services which they rely upon. In many cases, the root causes are multiple – corner-cutting in software testing, poorly architected/ monolithic systems and ill-governed security management to name a few. Above the technical issues, an inadequate approach to managing risk and dealing with fallout of failure leads to extremely negative customer reception, brand damage and can see firms slapped with hefty fines by UK regulators.
“Operational resilience” is a term that is currently being echoed everywhere in the context of financial services technology. As defined by the FCA, operational resilience is “the ability of firms and the financial sector as a whole to prevent, adapt, respond to, recover and learn from operational disruptions”. These disruptions, the FCA highlights, are inevitable – it isn’t the erasure of them that is underlined as a priority – it’s how firms act in the face of their presence.
In October 2019 The UK Treasury highlighted the four biggest issues that undermine financial services firms’ efforts to remain resilient. The practicalities of implementing and adhering to an operational resilience strategy that circumvents these issues are highly complex. As a software development partner working with financial services companies, these are Godel’s practical strategies to navigate this challenge from a resilient software delivery perspective.
May 2020 update:
Recent events have seen UK financial services regulators focus on enabling financial services firms’ ability to support their customers’ current needs during intense disruption. Uncertainty at present makes it even more difficult to strategically deliver against pre-existing regulatory and consumer demands.
However, the tenets that underpin the challenges detailed in this article remain critical – more so now, than ever. Financial services firms must drive towards operational resilience, especially in times of highly unpredictable demand. Agility in response to a changing market will be the difference between success and failure for many firms – once again, the balance between stability and innovation shining through as more important than ever.
Ultimately financial services firms must keep their end-users front and centre of their technology strategies, now as much as ever. Here are the top four causes of operational risk – and how to circumvent them.
“We are concerned that time and cost pressures may cause firms to cut corners when implementing change programmes”.
Even young, agile FinTech start-ups wrangle with the challenge of technical debt when trying to drive new solutions into production. A lack of good change management can result in issues that create unexpected bugs which cause problems seemingly out of nowhere. When customers are impacted by technical errors caused by change, their frustration is inevitable. Today’s financial services customers are more likely to vent frustrations online in clear view of the wider market and are less likely to remain loyal to a platform that suffers from regular issues.
A blend of agile methodologies can be taken on board to mitigate the potential risk of change. Firstly, the importance of adhering to the 12 principles of agile cannot be understated. To summarise these tenets: stakeholders (developers, designers, agile delivery co-ordinators, senior management etc.) involved in building a system must work together in a continuous, collaborative and constant manner to deliver working software, and adapt to changes by delivering iterative improvements.
The Treasury highlighted “compressed testing schedules” as a culprit for poor delivery of transformation. Again, an iterative approach to development is fundamental in avoiding poor outcomes from change programmes – smaller releases into the QA environment are easier to test. If time is a challenge against thorough software testing, corners must not be cut – instead, the firm should consider scaling the QA team, implementing test automation or even artificial intelligence as potential solutions.
2 Legacy systems
“Many financial institutions face the challenge of ageing, legacy infrastructure that is hard to maintain, yet expensive and risky to replace”
Systems built a lifetime ago, that are patched together with endless layers of reparatory code, where knowledge of their innermost workings lies with somebody who has long since retired, are worryingly common in the financial services sector. Legacy systems hold firms back from their futures – in such a competitive market, financial services firms cannot afford to be stuck in the past. An even more concerning issue is the potential security gaps in legacy systems that are near-impossible to optimise for new regulatory requirements.
Microservices are an alternative to a monolithic architecture – where each “microservice” is an independent module that is individually responsible for performing a precisely defined, standalone task. These modules communicate with each other through simple, lightweight APIs and protocols – they help offer flexibility and scalability within small parts of wider systems. They are not a silver bullet: in many cases, a monolithic system can work perfectly well. However, in scenarios that would benefit from modular testing, delivering fast updates to specific functions or an ability to introduce new technologies to systems more easily, a microservices architecture may be the winning option.
Adopting microservices does not take teams down a simple path. Breaking down the methods for achieving this is its own article, but the ultimate consideration is that there should be a well-considered architectural plan behind it. Furthermore, if a company wishes to drive future innovation forward, the foundation should be a stable and resilient system architecture that can handle change.
“Cyber-attacks on the financial services sector are increasingly common and represent a growing risk.”
The importance of getting it right from the ground-up – building in resiliency all the way along the process is to ensure that this kind of catastrophe can never happen a second time.
It could be said that the biggest factor to good security is clarity. A system can be beautifully coded, but the security protocols around it will be what protects it from risk. A team that understands its responsibilities to a pinpoint regarding the systems it can access will pose less of a risk. For a financial services software development team, good coding standards and general compliance agreements must be in place, accessible and implemented to ensure robust security from both a development and general working perspective.
Security breaches can come from unexpected places – a laptop is stolen, the wrong attachment is sent, a database match mix-up – it’s difficult to predict, but crucial to plan for every potential incident. Staff responsible must ensure that end-user safety is always front of mind – not just in the context of software development, but across the wider business functions.
Godel works with several FinTech organisations and ensures compliance is central to software delivery. In the first stages of a partnership, Godel teams learn about the industry and regulations surrounding it that will impact delivery requirements. This builds a more cohesive view of product requirements. In many cases, Godel teams work to ensure client systems are fully compliant with upcoming regulatory changes such as MiFID II, PSD2 and GDPR in the past, well ahead of deadlines.
4 Outsourcing and third parties
“The FCA does not have a preference for insourcing or outsourcing but firms ‘outsource the responsibility for overseeing that it [the relationship] is working and understanding the impact of it when it does not work.’.”
Technology outsourcing has been highlighted as a risk in financial services because of incidents where outsourcers have delivered poor-quality systems that have a negative impact on end-users. In the financial services sector where technology can impact peoples’ lives so heavily, quality is paramount. The PRA (Prudential Regulatory Authority) has issued a paper outlining updates to an existing regulatory framework, which sets out expectations it has of financial services firms to ensure their outsourced relationships are managed adequately.
Ultimately, agile software development requires that the organisation has strong communication, resilient coding practices and a great culture in place – all upon the foundation of a sturdy business strategy. Between the client and their outsourced partner, there must be clearly defined and well-managed expectations – any lack thereof has the potential to result in poor code, leading to system failure, and in turn destabilising customer satisfaction and trust.
Godel’s nearshore partnership model is built on direct, no-nonsense and honest software delivery. Here are three of many factors which contribute to the long-term successful relationships Godel has built with UK financial services companies over the years:
Godel is a partner, not a supplier. Godel teams are made to be a long-term extension to the client’ in-house software team. This relationship longevity gives clients access to expertise that not only delivers software but adds value in terms of shared knowledge transfer, consultancy and innovation on a long-term basis.
From the very beginning of new client partnerships, Godel teams begin understanding of the client organisation’s strategy, values and KPIs. Before kicking off the first sprint, teams spend time onsite with the client, getting to know all the stakeholders and discussing the work from technical and product perspectives.
A healthy balance between following client direction and driving extra innovation is achieved simply by Godel’s constant communication with the client. As the relationship grows and software delivery accelerates, the team puts forward ideas that can be implemented to improve the solution. Strength of trust built between partnered teams helps encourage innovation, but also creates a collaborative working environment for celebrating successes and overcoming challenges alike.
Partnered product mindset. Financial services firms have end users that want a fast, secure and user-friendly experience. Today, these experiences are provided digitally and therefore the teams responsible – developers, designers, QA engineers etc. – must have the end-user needs at the forefront of their minds when building their systems.
Godel has honed a company-wide “product mindset philosophy” to ensure it adapts to each client’s unique vision and, in turn, understands their end-users. Partnered teams communicate constantly, they share ideas and knowledge every day and undergo regular strategic planning sessions as one team so that the product vision never splinters.
Domain expertise. Founded in 2002, Godel has partnered with UK financial services companies across banking, payments, insurance, wealth management, credit and other sectors. Cross-pollination of ideas between team members is encouraged at Godel so its clients can learn of approaches that they mightn’t access in-house.
Over the years Godel has built a set of tried-and-true “recipes” to mitigating key challenges in partnerships, that can be flexibly applied to unique situations, saving the need to try-and-fail new processes. Some of Godel’s methods are:
1 Its agile-to-the-core working approach, that deploys agile delivery management with every partnered Godel team and adapts to client’s individual development approaches.
2 Stringent practices for work involving customer data – techniques are deployed that ensure complete anonymisation.
3 Teams of the company’s senior staff members, known as “Godel Functions”, deliver furthered guidance to existing partnered teams, across areas such as compliance, consultancy and innovation.
Looking to the future: resilience and innovation.
Recent publications from UK regulatory bodies have outlined a potential future for the financial services industry. With the impact of open banking regulations since 2018, the possibilities that technology can help firms realise have become inexhaustible. Now, the road to “open finance” is becoming clearer – a world where each sub-sector of the financial services industry can be connected to provide the customer with a highly useful view of their financial profile.
The potential for truly valuable innovation is certainly there in the sector, however, firms must consider how they can balance delivering new ideas to the market without causing destabilisation or risk to their existing customer base. The risk of investing in new technology and not seeing value from it is always present, especially in an industry as fast-moving as financial services. If a firm invests in building the resilience of its existing systems, it must be confident that these systems will not thwart future efforts to innovate.
The ideal vision for any financial services firm is to have robust systems that can weather the storms of user feedback, security, and regulatory change. These systems would be easily adaptable to evolving requirements, without having to cut corners to go-to-market quickly. Development teams would write clear, high-quality code to be sent through a vigorous and efficient testing process before ever being pushed to production. Ultimately the software delivered would add value for the firm’s customers both in response to and in anticipation of their needs.
As any technology leader knows, this vision is not as simple to replicate in real scenarios, as the challenges detailed by the Treasury in its report and many other roadblocks slow delivery. However, if that leader can truly place their end-users at the front and centre of their software delivery focus, building resilient systems and innovating for the future will be achieved in the customers’ best interests.
Are you looking to explore how Godel shares the vision of its clients and accelerates their software delivery roadmaps? Get in touch for a conversation with our Manchester team.
Godel’s financial services client references: