Digital Transformation challenges in Banking

David Glennie
October 6, 2023

This weekend Santander joined a growing list of high street banks that’s suffered disruptive service outages, acting as a reminder that digital transformation is far from easy.

On Saturday, reports that Santander’s online and mobile banking apps were knocked out started to hit the press. In-branch services, card payments and ATM services were also affected.

Unable to shop, pay bills, get cash or buy petrol to get to work, customers described it as a ‘nightmare’ across Twitter.

I’m sure the nightmare was pretty big inside Santander too. It’s not yet clear why it happened, but planned maintenance on its mobile banking app on Friday could be the reason according to the BBC.

It’s not the first time IT upgrades have been the cause of upheaval for banking customers.

In September, Computing reported that NatWest had suffered ‘another’ mobile and online service outage. Explained away by the bank as ‘IT glitches’ it also affected RBS.

It followed outages in 2019 that were just as painful for its customers – one in August that lasted two days, and November during Black Friday sales. NatWest apologises for another banking outage, says services now back up and running

Co-Op’s Smile bank also fell over last summer leaving 100,000 customers unable to bank and complete significant transactions like mortgages. Though it’s hard to determine if it was related to an upgrade, it was reported to be an isolated incident and so it can only be assumed it was down to problems with its own infrastructure. < >

And then there’s the TSB outage in 2018, which lasted a month after a planned IT upgrade, and resulted in a Treasury Committee hearing. As nightmares go, that has to be a pinnacle.

In just about every report I’ve read related to these stories customer case studies have said they will leave because of the way it effected their lives. We simply can’t function as a society without reliable banking.

But delivering reliable IT while also transforming digital operations to save money and compete with new online banks is no mean feat.

Monolithic v digital transformation: Incumbent banks often have large monolithic technology to manage and teams that are bound by very hierarchical organisational structures.

Tied up in this structure is process. And it’s arduous, often out of regulatory necessity, but mostly out of legacy. At its simplest level, because of compliance obligations, there are always a lot of forms to complete before work can be started on anything, including what you will do if it fails.

To my mind, this is all well and good but it creates a problem; the big in house team approach leads to a scenario of ‘group think and received wisdom’. And sadly, while a cautious approach might manage some aspects of compliance, it does nothing for finding institutional blind spots.

This is also why banks don’t make lots of small mistakes that go unnoticed like smaller businesses do. Instead, when it’s widely accepted by an organisation that opinion is fact, they make massive ones.

Find the facts: One way to address this is to have a ‘Not from here’ team which works on aspects of the platform related to transformation or regulatory deadlines, but also have a remit to probe the system and try and find the invalidated ‘facts’ that are so deadly.

When done well, they slot into the in-house team providing a safety net. Capable of working across legacy and new, they are expert in banking regulation and keeping the monolithic systems going as new transformative apps are developed and integrated into the cloud. In effect, they encourage the agility banks need to compete and that so many have set out as a strategy in their annual reports.

Adjacent best practice: It’s an approach we take in the adjacent industry of tax and auditing. Another highly regulated market that needs to match compliance with digital progress.

In this world, we don’t just develop the shiny new stuff, we also look after the legacy systems carrying out modifications and bug fixes, and proactively searching for vulnerabilities and unfounded assumptions. In doing so, we reduce risk across the board and improve code and system quality. We aren’t blinkered by institutional blind spots and we have the coding skills that understand systems built decades as well as months ago.

Who cares? And from my perspective, it’s those blind spots that lead to IT failures. If you have a strategy to deliver then lifting the lid on your legacy code isn’t going to be a priority. However, if you don’t do it, everything that’s bolted on is at risk.

What’s more, customers won’t care, nor will the regulator or the Treasury when things go wrong. You’ll fight to keep people loyal. You’ll dish out the compensation. You’ll pay the fine regardless of the explanation.

I can’t imagine any bank can afford to do that with Starling, Moneze and Monzo tugging at their heels. Yet I fear it’s the future of banking if the incumbents fail to work it out. Don’t you?

If you’d like to know more about our approach to dev ops then drop me a line. You might also like to read how we do it for the big four, in one case looking after 18 FinTech platforms.