The systems meltdown that hit NatWest customers is an accident waiting to happen to many UK banks, analysts have warned, as financial institutions try to balance cost-cutting with the need to modernise their IT.
The IT glitch that disrupted banking at NatWest, Ulster Bank and other companies owned by RBS over the past week highlights the risk of systems failure facing British banks in general. These are at risk of systems failure due to a lack of adequate investment in business processes, and the conflicting pressures of modernisation and austerity, analysts said.
The continuing NatWest debacle has highlighted the IT systems risks faced by British banks, springing from a lack of investment in back-office staff and a reluctance to abandon legacy systems. Image credit: NatWest
"In some of the banks the cost-cutting pressure is quite big — there are targets to meet," said Freeform Dynamics analyst Martha Bennett. "I have spoken with existing and former IT people in some of the larger banks who are saying they are just waiting for a disaster to happen."
"It's easy to cut corners when you don't see an immediate effect," she added.
Major banks have carried out back-office consolidation of previously separate teams, piling more workload on individuals, she noted. In addition, the teaming-up of employees around the world who may not have worked together before is common practice.
"I know of some cases of doubling the number of servers someone has got to administer, combining two back-office IT departments into one, without necessarily doing a proper assessment of whether the skills are actually the same when you combine these two things together," Bennett said.
Bennett said she didn't want to single out RBS, which has performed back-office consolidation.
"Frankly, I can see it in all of them," she said. "If you talk to some of those IT guys over a drink, they will probably tell you: 'There but for the grace of God go I'."
RBS has not confirmed the cause of its IT meltdown, but some reports have focused on outsourcing or offshoring as a possible cause. In RBS's case, it's likely that off-shored teams around the world have been put together without adequate recovery processes having been put in place first, Bennett suggested.
"It's having distributed teams where there's likely not to be a sufficiently resilient process," she said.
In addition, IT professionals in the financial services industry are being put under pressure to make efficiencies where they can — migrating to fresh technologies, for example.
Chris Skinner, a banking technology strategist at Balatro, noted that many UK banks are still operating on legacy systems, but are under intense pressure to provide modern services such as online and mobile banking. The problem here isn't a lack of investment — banks spend more on IT than almost any other industry — but the threat of failure while migrating to new systems.
"[Banks] are stuck in a Catch-22," Skinner said. "They've got systems that are very old, but they haven't replaced them — they are highly concerned about the risk and exposure to failure. The longer legacy systems exist, the more likely they are to cause problems, by not being able to keep pace with things like mobile payments."
He noted that the pressure to update systems is coming from the retailers and the banks' customers, who want 24-hour mobile and online payment services. Retailers are particularly interested in payments via smartphone apps, which leads to increased demand for payments processing.
This shift needs to take place in a banking industry that still has not adjusted to a change its payment-clearing system introduced in 2008, when VocaLink brought in real-time rather than three-day clearing of payments, Skinner said. In addition, regulatory change in payments processing from Brussels has also put pressure on banks to alter their payments systems.
Despite this, some institutions will hang onto their legacy systems as long as they can, because they work and they aren't causing problems.
"There are bank systems out there that are still operating at the back-end in pounds, shillings and pence — old currency," Skinner said.
When banks bite the bullet and make changes, they normally have disaster recovery plans in place to prevent customers from noticing, he noted. These don't always go according to plan, however.
For example, Santander migrated its systems across to a new platform, but scored low on customer satisfaction during the process, Skinner said. For three months in 2007, Abbey customers weren't being issued with debit cards. Santander denied that its computer systems were at fault.
The longer legacy systems exist, the more likely they are to cause problems, by not being able to keep pace with things like mobile payments.– Chris Skinner, Balatro
The bank takeovers of the past several years have also put a crimp in the move to new technology. When Lloyds and HBOS merged, for example, the two institutions moved to using Lloyds's legacy systems, and the same happened in the RBS-NatWest merger, according to Skinner. This path offers the least risk, but does not set banks up for the future.
"Right now, Lloyds is looking at future migration. But it's not going to happen, because the systems are working. They are robust and resilient," he said.
This lack of movement means British banks are falling behind their international counterparts. For instance, Germany's Deutsche Bank, Bank of America and France's BNP Paribas have all moved their core payments systems to new, global platforms in the last decade — giving them a competitive advantage, Skinner said.
Overall, British banks need to find a way to keep their IT systems' lights on, while balancing legacy, economic and regulatory pressures. They need to grasp the nettle — give their IT departments more resources and manage changing processes effectively — or face RBS-style disruption.