Home / Technology / Forget operational risk, let’s talk about systems risk

Forget operational risk, let’s talk about systems risk

I know that I keep blogging to banks to rip out and replace their core systems if they’re not fit for purpose, but today the point really rammed home hard.

The point began with my usual ranting about how I dislike omnichannel as a phrase.  It’s not that I dislike the phrase, I just don’t like the word ‘channel’.

Channel relates to a past where we built systems each time a new technology needed to be implemented.

So we have an ATM channel, an adjunct to our core system for cash.

We built the call centre channel, a front end to our core transaction system.

We added the internet, an overlay using middleware to allow us to offer an online statement.

And now we’re creating more sticking plaster over the core systems to enable mobile access.

In other words, we purely use omnichannel to relate to all the different touchpoints that need access to our creaking old core systems.

Systems that were often built in the 1980s or earlier, and that are frozen into place thanks to the layers of technology we’ve placed on top of them.

Result: they’re now embedded into the fabric of the organisation and we’re frightened to change them.

In some cases, systems built for different banks, embedded in the fabric of the organisation of the merged bank.

Yes, I am aware of some banks that have over 30 different back office systems, processing different services for different banks built up through decades of acquisitive growth.

So I’ve said all that before.  What’s different about today’s blog?

Well, here’s the rub. 

When you have old systems with many different access points on top as channels, you’ve created the greatest way to break into the bank today.

The reason is that diverse core systems processing complicated with layers of access creates  fragmentation, and fragmentation creates opportunity.

If I were trying to break the bank today, I would use the arbitrage of processing risk to create fraud and leakage.

And maybe that is a classification of risk that banks need to include today.

Yes, market, credit, operational, reputational, liquidity risks are all real, but what about systems risk?

Ever put that in your buckets of exposure?

You should.

Systems risk is becoming more and more real.

Systems failure risk.

Systems processing risk.

And systems breakage risk.

The more fragmentation of systems around the bank, the more likely that someone will find that chink in your armour and leverage it for gain.

So now think of it another way.

If you could take those 30 or more old systems and bring them all onto one new, secure, cloud-based, mission critical digital platform, would it not make sense?

A secured digital core that is whole and singular, rather than many analogue cores that are fragmented and diverse.

That is the real reason to rip it out and start again, if no other.


About Chris M Skinner

Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here...

Check Also

The real financial plans of the tech titans (#GAFA #BAT)

In my blog yesterday, I talked about the technology titans being liked and potentially trusted …

  • Systems risk – indeed.
    The operating system is clearly not fit for purpose.
    It produces waste that cannot be recycled into revenue streams; it treats people like cows in a milking shed; it’s pumped up, over-priced and extremely vulnerable to a more sustainable model being created.
    Money is no longer fit for purpose and the institutions that feed off it are vulnerable to the emergent new peer to peer networks that disintermediate them.
    Market drivers are setting the pace of change. Values are valuable. It’s the valuation system that’s in for a shake up. Money doesn’t value the stuff that we the community consider valuable – family ties, friendship, security, becoming a better person, belonging somewhere etc etc.
    The new valuation system won’t do away with the money system but it will act as a counter-balance to the effects of money. Standards will be centralised to that exchanges can take place all over the world but issuance will be delegated to trusted organisations that produce, not destroy community.
    The transition from a dollar based reserve currency to a time based reserve currency has not yet started as the peer to peer network of communities and the payments ecosystem that enable the currency to be stored securely and then traded are still being developed. But bitcoin has showed investors the art of the possible and as a consequence hedge-type investors are beginning to awaken to the fact that an alternative system might be feasible after all.
    We the community believe that community is the future of business and the future of money. If you can’t produce it, you’re finished in business. If you can’t value it you’re finished as a currency.
    The times they are a changing.

  • As Chief Enterprise Architect of a core banking software company, I absolutely agree with Chris that the banks need to replace their core systems, but I would think that wouldn’t I? I also agree that they need a system that is a “secure, cloud-based, mission critical digital platform”. Where I might take issue is with Chris’ objection to the word ‘channels’. The problem is not with the word, but with the way banks traditionally implement them. There are two major problem: the banks invariably hard wire the channel to a capability; and the channels synchronously execute the back office.
    What do I mean about hard wiring? Well, look in your wallet. You will likely find a debit card and a credit card, for the same bank. The card is a channel giving access to the bank. The debit card is hard wired to the current account and the credit card is hard wired to the revolving credit account. What you should have is a single channel of access to the bank (the card) with access to all your banking capability (all payment capabilities). This hard wiring extends to teller and automated teller (ATM) as well. The teller is hard wired to the branch accounting system (in a legacy bank like our big UK banks) and the ATM goes through the device handler to separate branch accounting transactions.
    This hard wiring creates the problem at the channel that Chris describes so vividly. You should be able to take £100 out of an ATM and then see the transaction on your phone as you walk away from the ATM. Likewise for card transactions.
    Whereas the hard wiring of channels is an engineering mistake, the synchronous execution of the back office is an architectural mistake. It means that the banks can’t do two things essential to the ‘Amazonification’ of banking. Firstly, they can’t scale. As the CTO of Amazon says, to move to Internet scale all services must be asynchronous and autonomous. Secondly, they can’t create a banking marketplace like the Amazon marketplace. The bank should be able to tell you all the offers in the market and should be able to connect you to any offer, not just theirs. This is how a digital bank owns its customers. Insurance found out too late just how easily digital entrants can disintermediate the supplier from its customers. Meercats now have more brand recognition in insurance than any one insurer.
    Luckily for banks the barriers to entry for deposit taking are much greater than for insurance, but it will just take one compelling entrant with the right engineering and architecture and the big four UK banks will be toast.

  • SWYS

    I think ‘systems risk’ is very significant. Given the complexity of bank operating environments – that are growing more complex in an exponential fashion, it is not hard to foresee where the next crisis may emanate from.
    It is also noteworthy that in these times of growing systems complexity, banks do not have enough people who understand the holistic nature of the environments that humans are trying to manage. Banks need to attract, invest in, retain for MUCH longer tenures employees who can grow to understand and manage this complexity.