Banking Fintech

It’s legacy banking systems that are the risk, not fintech

It's legacy banking systems that are the risk, not fintech. Photo: Russell Watkins,
Written by Mark Holmes

Is Mark Carney wrong to say that fintech presents a big systematic risk to the banking system? Story by Mark Holmes.

Every once in a while the financial community gets itself in a fluster about fintech. Mark Carney, governor of the Bank of England, is the latest person to raise concerns about the technology. Speaking at a G20 conference in Berlin, Carney said fintech presented “systematic risks” to the banking system, hinting that the next financial crisis could be caused by tech. The usual reasons were rolled out: liquidity, risk of cyber attacks, and the ability to subvert anti-money laundering laws.

Yet, the real irony is that while the financial community continues to fuss over fintech, it’s actually the legacy IT systems that power many of our banks that present some of biggest risks to our companies, and the financial system as a whole.

Banks’ technophobia

First, let me deal with my biggest gripe: the banks’ technophobia. Many bankers are mortally scared of new technology; of changing their systems or reforming the way things are done. Even today, some banks are still highly suspicious of cloud computing, but the reality is that cloud computing has been with us for three decades now, and customers – whether they are retail clients, investment institutions, or high-net-worth individuals – expect to be able to access their financial information wherever they are. Adopting technology such as cloud computing is no longer an option. You just can’t roll back time.

Secondly, you can’t ‘contain’ the reach of fintech. Some bankers I meet think it’s possible to restrict fintech to retail banking, or stop short of allowing it to affect the banks’ back-end systems, from clearing to compliance. They believe that you can stick a flashy front-end on your services and leave everything else the same. The truth is that fintech challenges the banks’ entire business model, and if they don’t change, they will die.

To be fair to Carney, he understands this – he sees many opportunities in fintech too, for banks and the financial system – but it was sadly the risk of the crisis that caught the headlines.

Technology makes us safer

The truth is that technology can actually make banks and the financial system safer. At its best, fintech gives banks and regulators the tools they need to know where to look. It frees them from boring and burdensome administrative tasks such as data processing – so often subject to human error. Technology gives them back the time they need to look more closely at the most important data.

Regtech allows regulatory officers in investment banks to detect suspicious figures submitted by potentially rogue employees; banks to detect hidden signals in their data which might suggest fraudulent activity or money laundering; and regulators to monitor the early warning signs of crises.

In the past, it would have been impossible to monitor large swathes of the system. Yet, today, processing power has never been so cheap, allowing us to monitor infinitely more transactions in a fraction of the time.

New machine learning technology also gives us the power to monitor the financial markets in real-time, looking for telltale warning signs of crises, and alerting regulators and officials when something needs investigating more thoroughly with a human eye. This technology is certainly not perfect, and we have a long way to go until we can fully rely on it, but it makes regulators’ lives a lot easier.

The real risks lie in legacy systems

The irony is that the real risks lie in the legacy core banking systems that many of our banks run on. Developed in the 1970s and 80s, they’ve been patched over and over again, and every successive patch makes the whole system more complicated and difficult to manage. Often, patches have unexpected consequences, interfering with legacy code written 10 or more years ago by someone who has since changed company, or even died.

The result is that three quarters of a bank’s IT budget is now spent on maintaining legacy systems rather than acquiring new technology that could make their systems safer. These patches also make it difficult, if not impossible, to integrate or retrofit many legacy core banking systems with the latest technology, such as real-time monitoring and machine learning; technology that can improve the functioning and safety of banks and the global financial system as a whole.

CIOs at all the major banks recognise these problems. According to a recent report, “80% of banks believe they will have to replace their core banking system in the next three to five years”. And a whopping 83% believe that their bank’s existing core technology can no longer support its needs. They know their systems are close to collapse.

I fully appreciate the difficulties involved in adopting new technologies, and I know what an enormous challenge this is for our banks. And I’m not saying that we should rip up our core banking systems and start again. That’s clearly not possible. But we can at least start talking about improving and replacing parts of the system. Much like changing the structure of a Lego building, we can do it piecemeal, improving it brick by brick.

Nonetheless, it’s a little short-sighted for some people in the financial community to campaign against fintech when some of the greatest risks are right there in front of them.

READ NEXT: Legacy people is why we use legacy systems

Photo: Russell Watkins,

About the author

Mark Holmes

Mark Holmes is CEO of Waymark Tech, a regtech company that helps financial institutions discover, identify and analyse regulatory requirements.

1 Comment

  • doing it piecemeal does not address your concerns called out earlier in the article re: patches being applied… the risks inherent with patches are just as real (if not more so) when swapping components out of the architecture without understanding consequences to core systems.

Leave a Comment