The Stack Archive

Beaten British banks need to modernise and improve software quality management

Fri 22 Apr 2016

UK banks

lev-lesokhinLev Lesokhin, EVP Strategy and Analytics, CAST, highlights the weaknesses in UK banking IT, and explains why we are falling behind U.S. and European counterparts…

Following outages at some of the UK’s leading banks including Barclays and, most recently HSBC, which left customers unable to access funds for up to two days, means system failures are a hot topic. The amount and frequency of these damaging failures emphasises the growing issue of poor software quality management in the UK banking sector. If something isn’t done to address this problem, banks will continue to face system performance issues and mounting concerns related to customer experience and satisfaction, despite pressures on cost.

What’s causing these outages?

A recent report looking into the core structural software characteristics, including robustness, security, transferability, changeability and efficiency revealed some of the potential reasons why UK banks keep crashing and how they fall short compared to their U.S. counterparts. Such an analysis highlights issues that are fundamental and increase the risk of banks endangering their customers via their IT systems.

Looking at the security of the applications across the Financial Services sector revealed that Brits are more likely to break the rules when it comes to security measures, with one in four of UK-based applications recording the lowest scores for security. Ignoring security best-practices is especially worrying as recent figures suggest one in five UK banks are hit by cybercrime. The UK banks need to do more to address this issue and fight off further cyber-attacks on the UK banking sector.

UK banks are known for having core systems based on legacy IT, with some even running applications on systems more than thirty years old. It is no surprise to see that British coders are using mainstream and ‘old school’ technologies to support such applications. British apps were found to mostly be written in Java-EE and COBOL, whilst the U.S. and Europe are using a much wider range of technologies.

This isn’t helped by the fact that UK banking applications are far larger and more monolithic than their foreign counterparts for financial applications. In short, Brits are verbose and can’t compartmentalize their thoughts. The average lines of code (LOC) for both U.S. and Europe is under 440 thousand LOC, compared to 1.07 million LOC for the UK. This exposes UK banks to far more difficulty in dealing with digital transformation trends, bolting on new functionality at greater risk of faults and glitches, and when there is an outage it can take the bank twice as long to get to the root cause and fix it.

The key differences between the UK banking sector and their overseas equivalents indicates that the UK is lagging when it comes to mastering the overall risk and quality of these applications. Especially when it comes to controlling how distributed components of very large applications are bolted together to perform a transaction. Doing so will help to reduce the regularity of system outages.

How can British banks fix these issues?

As technology continues to evolve and become more complex, with the popularity of new payment platforms such as Apple Pay, Google Wallet, online banking and contactless adding to the strain on the existing legacy systems, combined with the apparent poor application structure and coding, it is no wonder the UK financial sector is struggling to meet the high levels of performance and security modern customers expect.

There is an apparent need for the UK financial sector to modernise and improve its application resiliency to reduce the risk of damaging outages and failures. This is particularly poignant with rival European counterparts leading the way, and U.S. banks also performing better. As the new generation of challenger banks bursts onto the scene in a bid to take a slice of the UK banking pie, disenchanted British customers may begin to look beyond the traditional ‘big banks’.


feature FinTech security software
Send us a correction about this article Send us a news tip