Your bank may offer a slick mobile application for your smartphone, but a good chunk of its critical IT infrastructure might be built on technology from The Jetsons era.
There are numerous perils involved in running critical banking or operational functions on such systems. Many banks and other financial institutions are using technologies for core systems that are decades old and are also difficult to maintain. Many of the IT experts who operate such systems have retired or are very expensive to hire. Such systems also expose banks to cybersecurity risks since they are usually difficult to patch.
And if something goes wrong on those systems and they go down, it could cripple operations — and take a while to get them back online.
How can financial institutions navigate these challenges? Some banks have chosen to hire technicians or contractors who know how to adeptly manage the aging systems. Some tech companies are training younger coders on the older programming languages. Others are migrating legacy on-premises systems to the cloud, which can take time and be expensive. Each of these strategies presents unique challenges for financial firms, but they are all indicative of the difficulties of maintaining legacy IT.
Many banks are moving legacy IT systems to the cloud, says Joanne McIntosh, a technology law expert at Pinsent Masons, the law firm behind Out-Law.com, allowing them to “use others’ IT infrastructure to host their systems and data, and to tap in to the latest cloud-based software applications, too.”
There are hurdles to migrating to the cloud, she notes, including the transition itself, facilitating audits via the cloud to the location, management and security of data.
“Whether moving to a cloud environment or not, embarking on any major transformational IT project is a daunting prospect for any organization,” she says. “It entails elements of risk, which in the case of banks include moving from generally stable systems that, despite their limitations, have largely ensured continuity of service to customers, to new systems where long-term reliability has still to be proven. Further risks include as-yet unknown vulnerabilities in new technology, and the threat that poses to firms' networks and to the security of customer data and commercially sensitive information.”
Major legacy-to-digital transformations take time, McIntosh notes, something that is particularly true in the banking market, given the regulatory issues that financial firms must address.
Yet more companies are doing so. “Financial institutions such as Capital One are going big on their internal technology strategy, hiring top talent from companies such as Amazon and Microsoft,” Mike Gardner, the CEO of Agreement Express, which makes onboarding automation software for the financial services industry, wrote in the Globe and Mail. “Other institutions, such as HSBC, are going the opposite direction, making big technology partnerships with cloud companies such as Oracle to overhaul their legacy systems with a modern cloud infrastructure. Both are viable options.”
Financial firms need to adapt, Gardner says. “If they’re not all in or all out, the legacy system specter will continue to haunt financial institutions with the looming danger of an outage, a critical limitation or, perhaps worst of all, a rigid foundation that will prevent them from iterating over time and meeting modern customer expectations,” he says.
How did banks get to this point? McIntosh says that much of the latest functionality banks have delivered to customers, including apps and other digital interfaces, has been “developed using systems that ‘plug-in’ to the legacy IT infrastructure through so-called ‘middleware.’ Following years of system updates and integrations post-merger, banks' IT systems have taken on the form of a complex web of hardware and software.”
Antony Jenkins, the former CEO of Barclays, told Reuters that large financial institutions, especially those created through mergers, say banks face problems beyond finding IT technicians that can service older systems.
“It is immensely complex,” says Jenkins, who now leads the startup 10x Future Technologies, which sells new IT infrastructure to banks. “Legacy systems from different generations are layered and often heavily intertwined.”
Many legacy IT systems in banks run on the Common Business-Oriented Language (COBOL), which was developed in the 1950s and became popular in the 1960s. COBOL has been gradually replaced by newer, more versatile languages such as Java, C and Python, Reuters notes. Banks never replaced IT systems running COBOL, and because few IT technicians today can write in COBOL and manage systems that run on it, those systems are vulnerable.
According to Reuters, an estimated $3 trillion in daily commerce flows through COBOL systems, which underpin everything from deposit accounts and check-clearing services to card networks, ATMs, mortgage servicing, loan ledgers and other services.
Some entrepreneurial IT professionals are taking advantage of the situation. In 2013, Bill Hinshaw, 75, created COBOL Cowboys, which connects companies to about 20 programmers like himself that know COBOL. Reuters reports that Hinshaw’s wife Eileen came up with the name in a reference to Space Cowboys, a movie from 2000 about a group of retired Air Force pilots called in for a trouble-shooting mission in space.
It’s a lucrative trade. Reuters reports: “Experienced COBOL programmers can earn more than $100 an hour when they get called in to patch up glitches, rewrite coding manuals or make new systems work with old.” Hinshaw says, “You better believe they are nice since they have a problem only you can fix.”
Some companies, like IBM, which sells the mainframe computers that run on COBOL, argue that a new generation of coders can be trained to learn COBOL. The company has launched fellowships and training programs in the area and says it has trained more than 180,000 developers in 12 years, according to Reuters. “Just because a language is 50 years old, doesn't mean that it isn't good,” Donna Dillenberger, an IBM Fellow, told Reuters.