De-risking Taken to the Core
Digital transformation is an ongoing and far-reaching challenge for many banks, especially those that still rely on legacy architecture, code, and technology. The obvious remedy is to switch to a modern solution. But this is far easier said than done, and the associated strategic, operational, and regulatory risks discourage many financial services providers from upgrading or replacing their Core Banking Systems (CBS). At the same time, concepts for a low-risk approach to programs of this magnitude exist that are operationally proven.
In In the digital age, a modern IT-system is of critical importance for nearly every company’s success. This truism is even more applicable to financial service providers, for which a reliable IT-system constitutes a prerequisite for doing any business at all. For this reason, a certain reluctance to alter proven applications or even replace legacy systems with modern solutions is understandable.
The consequences of something going awry during a migration project are serious and entail reputational as well as financial damages. In most cases, the latter includes hefty fines levied by regulating authorities, as the banks have a duty of care to provide uninterrupted services to their customers and the general public. A recent example is a botched IT platform migration by the British lender which affected around two million customers, who were denied access to all kinds of services, including cash withdrawals and online banking. Besides the losses due to the fault itself, the bank was fined nearly 49 million pounds (approx. 59 million USD) by regulators in the United Kingdom.
‍
Changing customer expectations
So, why risk system changes at all if services are up and running? In short, banks have to contend with a paradigm shift in customer demand. Young, digitally savvy consumers are entering the banking market, requiring personalized and seamless multichannel services. Established banks need to adjust to these expectations, on the organizational side as well as technical. Many financial institutions are still running legacy systems based on mainframe architecture, with an on-premises setup as their CBS. These are already experiencing difficulties when connecting new services and integrating modern banking applications.
Eventually, most existing CBS will need a major refurbishment or a complete replacement. Most common reasons for CBS replacement are low stability of the legacy platform, long time to market for new functionalities due to accumulated technical debt and archaic architecture, complete loss of internal capabilities for further development, or end of support or/and maintenance from the CBS vendor.
‍
‍
‍
‍
CBS Modernization entails many benefits
In principle there are four options for CBS transformation: upgrade, refactoring, augmentation and replacement.
- ‍In the “upgrade” approach code is changed with minor upgrades to an upgraded platform (e.g. version upgrade) that does not change application functionality.
- ‍“Refactoring” updates the codebase without changing baseline behavior (e.g., from COBOL to .NET).
- ‍“Augmentation” implements a parallel core that meets advanced needs not offered by legacy core, new core run for a differentiated business, and/ or be a target for migrating from legacy core.
- ‍Whereas in the“replace” scenario existing core platform is replaced with a new/ modern solution.
‍
For a bank, tinkering with their CBS is comparable with open-heart surgery, as a grave mistake might endanger the existence of the corporation. In addition to the risks associated with such undertakings, there are significant financial outlays. Due to these key factors, CBS modernization programs are rare. However, there are many benefits to be gained from such an undertaking. New, modern applications with a lot of added value to the customers can be easily integrated, ensuring enhanced security and reduced time to market for new products. Moreover, modern architectures are much more flexible and scalable, thus allowing tailored systems requirements (to the actual needs) without excess capacities, thereby savings cost in the long run. Bearing in mind these advantages, some banks decide that a core system change or at least a significant upgrade is the best course of action.
‍
Possibilities for De-risking
There are several measures that can be taken to reduce or mitigate the risks associated with CBS replacement. To name some key risk addressing measures: Â
- selecting appropriate release strategy, Â
- designing interim application architectures, Â
- isolating the CBS replacement activities, Â
- choosing the most suitable deployment approach.
Furthermore, the data migration and deployment activities can be mastered through a series of trial migrations and dress rehearsals. Â
‍
‍
“Big-Bang” vs. Gradual Approach
Principally, there are two of the primary options for a CBS replacement. One entails a complete replacement of the current CBS with a new, state-of-the-art solution in one go. This big-bang approach more or less eliminates the need for any two systems running in parallel and enables the financial institution to completely revamp its IT-architecture without the necessity to compatibility with the old one. On the other hand, the associated risks are rather high, in extreme cases, a complete shutdown of the bank’s systems. To avoid this, intensive tests are unavoidable, prolonging the time the institution has to rely on the old CBS alone. Big-Bang is in many cases is simply not possible due to complexity of migration. Â
As the other primary option, the gradual approach comprises of the implementation of new products in the new system while retaining the old one, thus augmenting the IT landscape. That way, the new, parallel core covers the advanced needs not met by the legacy system. Once the implemented platform is stable and proven, more and more legacy functions may be migrated. In the end, the old CBS is gradually switched off until only the modern system is supporting the bank’s business. While this option sounds safer and more reasonable, before deciding which road to take, there should be an an in-depth analysis of costs and benefits. This is due to the significant additional effort required to enable the coexistence of legacy and target systems, and the need to plan the architecture around this. Â
‍
Stable Plateaus
A stable plateau constitutes a stable interim state of an IT architecture, providing clear business and IT benefits associated with IT architecture of that plateau. Achieving a state that could be maintained even if the transformation is not continued, allowing to change the direction. In the hollow-out approach, stable plateaus allow financial institutions to manage transformation in risk-minimized way and do not hinder introducing new capabilities. Stable plateaus should be designed after each major functional release and should be carefully tested.
Abstraction Layer
Even before starting the CBS replacement program, financial institutions should isolate the current CBS platform with the abstraction layer and remove all tight coupling integrations such as shared databases, database links, point-to-point Application Programming Interface (API) calls. This step is required to hide the CBS replacement activities, both on legacy and target platform, from the rest of the application landscape.
Deployment Options
We at BCG Platinion have taken a more comprehensive look at possibilities to further de-risk a gradual approach to CBS modernization. To achieve this, it is important to reduce the probability of critical issues occurring during release deployment on production and, should these occur, limit the impact. For achieving the latter, two options are available:
- ‍Pilot approach for executing this option, functionalities are activated in total, but only for a small subset of users.‍
- Phased approach where the functionalities are divided into subsets, which are activated one by one for all users.
Â
‍
Structuring is Essential
We executed the second option recently during a gradual CBS modernization program at an international bank. To further accelerate value delivery for customers, the initiatives were divided into three major releases, with the second split up once again into three sub-releases. The primary reason for this further partitioning was the critical nature and complexities of the functions being migrated — in this case the payments processes. Our approach utilizing sub-releases allowed for the activation of individual payments routines without affecting others.
Migration
The first sub-release of phase two started with the migration of all services concerned with retail loan and card origination. After confirmation that these services were running stable, the standard payments services were migrated, excluding deferred payments. This preclusion was taken to limit the number of transactions affected in the case where problems could arise. Additionally, we did not want to risk overburdening the production support team with too many different strings of the architecture at any one time.
Activating the next release only when predecessors are stable
Once the two sub-releases were confirmed to be in working order, implementation of the final sub-release of phase two could be started. This comprised of customer and deposit accounts, and the deferred payments scope. During the rollout of this and every preceding step, the bank retained full control of all proceedings and had the authority as well as the ability to immediately roll back to the old system in case of impending difficulties. This ensured that the bank could minimize any down-time, and fostered trust and mutual understanding between the program’s partners.
‍
‍
Finalizing the CBS modernization
The last major retail release took place recently. Carefully adopting a de-risking approach to this CBS modernization program, we managed to mitigate potential risks and ensure a seamless transition to a modern system. This served the bank and its customers well and served as a core enabler for the execution of the organization’s digital strategy.
‍