Aftershocks from the infamous TSB migration to a new IT system in late April, which was so badly bungled as to become a defining case study for generations of bank operations and technology staff to come, were still rumbling in June. Paul Pester, chief executive of TSB, appeared once more in front of the Treasury select committee of the House of Commons to apologize and provide more details.
What started with many customers being unable to access their own accounts – although some were granted surprise access to other peoples’ – has given way to 70 times higher-than-ever fraud attempts. By early June, 1,300 customers had had money stolen from their accounts. Some others who tried to leave the bank and switch standing orders for regular bills to new accounts with other banks have discovered that TSB was telling their utility providers that these customers had died.
TSB had received over 100,000 complaints by mid June. The Treasury select committee is concentrating on how it has handled these, while leaving the dreary technical details of what went wrong to IBM.
IBM has delivered some preliminary views on wholly inadequate software testing. It offers a contrast with a similar situation when IBM partnered with a different bank to migrate to a new core operating platform. Multiple trial migrations were conducted, rolled back and then remediated prior to launch. The production launch was done over a longer period, initially open to programme members only, then staff, then targeted customer groups, before a full launch to new customers and subsequent migration.
TSB tried to do it in one shot over a weekend. So, IBM presents this, perhaps comfortingly, as a failure of project management that happens to relate to IT.
But strains are becoming evident at other banks too. In late June, some customers of Sainsbury’s Bank were reporting difficulties using their cards after a systems upgrade. Some Visa debit card issuers could not use their cards across Europe.
Software intelligence company Cast has published a report on application age after analyzing 2,067 apps, representing 733 million lines of code from 14 different technologies. It finds that 75% of applications built in the 1980s still have a high impact on the ability of businesses today to ensure service continuity, compared with just 50% of those written this decade.
The concern is that these older software systems are less resilient. More worryingly, the shift toward agile development teams might not be helping organizations modernize as quickly as the industry anticipated. In fact, applications released over the last 10 years score lower than applications released in the 1980s for their adaptability.
Old and new software doesn’t mix well. New software being written for a short-term benefit to customer experience may become a long-term headache.
Senior bankers often like to say they are really technology companies that happen to be in the business of moving money. Perhaps they repeat this in the hopes of attracting technology company valuations to their shares. But their own senior ranks tell a different story.
Euromoney sits with one chief executive who runs through the background of his executive committee.
“I’d be happy if we had even one person with an IT background,” he says, admitting that there is more IT expertise among his board of directors. There are mathematicians, economists, scientists and an abundance of MBAs on his exco, of course, but far more liberal arts graduates than technologists. If the technologists tell him what to do to get his bank’s IT in shape, he might have a good nose for spotting a bullshitter but he and his colleagues cannot develop alternative diagnosis and treatment plans.
Banking is first and foremost about taking and managing credit and market risk, not about technology. But increasingly technology is both the key to renewal and the biggest operational risk. The realization is dawning that enterprise applications are laden with software risk and that banks must apply the same portfolio management skills to IT that they devote to business, market and credit exposures.