The error is understood to have occurred after a software update froze part of the banks’ computer systems last Wednesday, affecting 17 million customers. [From RBS computer failure ‘caused by inexperienced operative in India’ – Telegraph]
The central thrust of the Intellect report, on my reading, is that banks have tended to under-invest in infrastructure because it doesn’t deliver an immediate investment return (as their investments in sub-prime mortgages, payment protection insurance and interest-rate swaps did). I’m sure we’ve all come across the logic in our careers. Given an infrastructure solution that costs £10m and will take three years to implement, the head of IT will always go for the £2m band-aid that will be done in a year. If the system collapses five years downstream, he or she will reason, so what? They will be long gone and their performance bonuses will be safely tucked away. (I’ve seen a fair bit of comment about the RBS collapse much in that mould.)
Mr Ramji says the average large bank would spend up to 7 to 10 per cent of turnover on IT systems annually. He believes RBS was at the low end of that range… senior RBS executives admit the retail business suffered under-investment in the years leading up to the credit crunch, when the former management under Fred Goodwin, chief executive, was fixated on expanding the investment bank. [From Banking: Finance’s fifth column – FT.com]
Another constraint of infrastructure renewal, again as we have all experienced, is that the overwhelming majority of IT spending in European (and North American) banks goes on managing and maintaining the legacy systems. There isn’t really a lot of money available for renewal despite multi-billion spends on IT across the sector as a whole. This might well be another reason why even banks should consider creating payment subsidiaries and running them as separate units as Payment Institutions (PI) rather than banks, because payment innovation is a lower priority than keeping the ATMs working when it comes to the budget competition. This is why, in the UK, Barclays’ PingIt has become such an interesting case study of payment innovation within the retail bank.
Fast, simple and easy … and innovative. I hadn’t seen such stuff before and certainly not from a UK bank. [From The Financial Services Club’s Blog: Case Study: Barclays Pingit for Consumers and Corporates]
The report isn’t solely about the banks’ own internal infrastructure, of course, but also talks about cross-industry infrastructure that needs to be created, such as the account number portability system (which, personally, I suspect will be a waste of time and money) and a mobile front-end to FPS (which, personally, I suspect will lead to some very creative new products and services). Incidentally, before anyone e-mails, and in a spirit of full disclosure I suppose I ought to say that I am Chair of Intellect’s Payments Group and therefore much more interested in new investment in the payment space anyway…
One rather obvious way to reduce the costs to individual banks and make the IT infrastructure renewal more attractive would be to shift more IT out of banks and into cross-sector utilities (which the report calls a “system of systems” and uses FPS as a case study). I wonder if there might be an opportunity coming along in the identity space? It’s bonkers for each bank to have non-interoperable dongles to authenticate customers against non-federatable identities. The Intellect report mentions in passing that KYC might be a process suitable for utility implementation but I would go further and look at some sort of “financial services passport” as was discussed from time to time at the CSFI. Why? Well, under the new, expensive and (as I mentioned above) largely pointless plans to make account-switching easier in the UK, customers will still have to undergo a KYC check at the target bank. So even though you already have a bank account, in order to switch it you have to go through KYC/AML again. Having had a Barclays account for 35 years, if I want to open an RBS account they treat me as if I’d just got off the boat. Why can’t RBS just have me log in using my Barclays dongle, or whatever?
There can’t be many more obvious business cases for the short term than a cross-sector identity management system that is part of the government’s Identity Assurance (IDA) framework with two-factor authentication and scheme rules for mutual recognition within, initially, the UK financial services sector and then downstream in a European-wide service. Let’s start with some new infrastructure, as well as rebuilding the old stuff.
These are personal opinions and should not be misunderstood as representing the opinions of Consult Hyperion or any of its clients or suppliers.
The platforms for ubiquitous ID (based on Secure Element) are already out there. The questions then become: (a) will banks adopt the “bring your own token” approach any time soon (without double KYC), and (b) what will be the consumer acceptance rate of such platforms. Perhaps, once a particular secure platform becomes widely used for a mass application (say, transit), banks will pay attention to other applications of such a platform.
I agree. And the architecture was designed a generation ago. Governments ID-proof their citizens using a trusted method and then issue a token that can be used by the citizen to prove who they are in any context, without the issuer knowing that they have done so.
We need the digital equivalent of what works today in the “paper” world.