IT outages in the financial sector: Legacy banks playing tech catch-up risk more outages, UK MPs told

'How many times in a week can we change an app without it falling over?'


Banks with mountains of legacy tech risk causing more outages as they race to catch up with their "agile" competitors, the Treasury Select Committee was told.

Speaking at the hearing on IT outages in the financial sector yesterday, deputy chief executive of the Prudential Regulation Authority, Lyndon Nelson said innovations in the sector are driving change.

"If you are a large retail bank in the UK, you are probably dealing with legacy systems" but as fintech companies are adding new features to their apps, they are keen to do the same "for competitive reasons."

"The question IT officers are thinking is 'how many times in a week can we change an app without it falling over?'"

He added if a bank's business depends on its banking app being able to compete with "fleet of foot" challengers making updates four times a week, they must ensure they have robust systems in place.

Alison Barker, director of specialist supervision at the Financial Conduct Authority, said 65 per cent of outages are in retail banks. She said the regulator received 853 notifications of outages in 2018/19 "that is a huge increase on the previous year". However, she added some of those incidents were relatively minor, with part of the increase being due to a change in regulatory reporting requirements.

Asked to what extent legacy systems are used across the sector, Lyndon said: "It is still pretty extensively, I'm afraid… some pretty core systems are still run on legacy."

"They still use code back from the 1970s on some of these systems, and they've just built on top of them."

Nelson said banks do have plans to phase it out but "it's often quite a brave chief technology officer to envisage that" because of the inherent risk in changing systems. He noted not many programmers are left who can use COBOL.

Committee member Simon Clarke said: "Members of the public would probably be alarmed to learn that some of their financial institutions are running on systems that are possibly 50 years old.. and often are not well understood by the people working with them. How widespread is that problem?"

Nelson replied: "I think they do understand them because they built systems on top of them. I think the understanding is deficient when things do go wrong."

David Bailey, executive director of Financial Market Infrastructure at the Bank of England, said the body has suggested banks provide a full list of their critical services and which specific IT systems are required to support them. Once that is in place, they can look at a plan to migrate from the remaining legacy architecture, he said.

The Parliamentary inquiry into IT failures in the financial services sector was launched last year after the meltdown at TSB that lasted almost a week in April 2018.

Last week the committee heard that as more banking services move to the cloud, their is an increasing dependency on the three large providers: AWS, Google, and Microsoft.

Nelson echoed concerns raised about "the shortage of choice". He said for small providers, cloud services probably provide better protection. "But we are also worried about the concentration [of these services]." ®


Other stories you might like

  • DuckDuckGo tries to explain why its browsers won't block some Microsoft web trackers
    Meanwhile, Tails 5.0 users told to stop what they're doing over Firefox flaw

    DuckDuckGo promises privacy to users of its Android, iOS browsers, and macOS browsers – yet it allows certain data to flow from third-party websites to Microsoft-owned services.

    Security researcher Zach Edwards recently conducted an audit of DuckDuckGo's mobile browsers and found that, contrary to expectations, they do not block Meta's Workplace domain, for example, from sending information to Microsoft's Bing and LinkedIn domains.

    Specifically, DuckDuckGo's software didn't stop Microsoft's trackers on the Workplace page from blabbing information about the user to Bing and LinkedIn for tailored advertising purposes. Other trackers, such as Google's, are blocked.

    Continue reading
  • Despite 'key' partnership with AWS, Meta taps up Microsoft Azure for AI work
    Someone got Zuck'd

    Meta’s AI business unit set up shop in Microsoft Azure this week and announced a strategic partnership it says will advance PyTorch development on the public cloud.

    The deal [PDF] will see Mark Zuckerberg’s umbrella company deploy machine-learning workloads on thousands of Nvidia GPUs running in Azure. While a win for Microsoft, the partnership calls in to question just how strong Meta’s commitment to Amazon Web Services (AWS) really is.

    Back in those long-gone days of December, Meta named AWS as its “key long-term strategic cloud provider." As part of that, Meta promised that if it bought any companies that used AWS, it would continue to support their use of Amazon's cloud, rather than force them off into its own private datacenters. The pact also included a vow to expand Meta’s consumption of Amazon’s cloud-based compute, storage, database, and security services.

    Continue reading
  • Atos pushes out HPC cloud services based on Nimbix tech
    Moore's Law got you down? Throw everything at the problem! Quantum, AI, cloud...

    IT services biz Atos has introduced a suite of cloud-based high-performance computing (HPC) services, based around technology gained from its purchase of cloud provider Nimbix last year.

    The Nimbix Supercomputing Suite is described by Atos as a set of flexible and secure HPC solutions available as a service. It includes access to HPC, AI, and quantum computing resources, according to the services company.

    In addition to the existing Nimbix HPC products, the updated portfolio includes a new federated supercomputing-as-a-service platform and a dedicated bare-metal service based on Atos BullSequana supercomputer hardware.

    Continue reading

Biting the hand that feeds IT © 1998–2022