Financial Services: How Resilient Are You?
Ongoing regulatory pressure and change are placing more and more overhead on organizations to drive operational improvement through the resiliency and supportability of not only core platforms but also enabling technologies.
Failures to mission critical and market critical systems is no longer tolerated. As a result of ‘Too Big To Fail’ and many other well documented incidents, financial services organizations are having to rethink how they operate. The regulators have unprecedented powers and levels of scrutiny to ensure that systemic failure cannot occur. In practice, this effort is enormous. The change requires massive amounts of retooling.
Regulators divide the resiliency requirements into several key areas, some of which will be discussed in subsequent blogs. Today, I would like to focus on two critical requirements:
- Critical Infrastructure – Core networking and connectivity to internal and external providers, which enable the organization to function and daily activities to occur with minimal disruption. This infrastructure is often presumed to existing and working. Any disruption can cause massive problems.
- Critical Systems – Core banking platforms, including, financial systems, Payroll, HRIS, and so on. These are identified as those systems that are required for an organization to be able to run effectively, whilst maintaining its commitments to customers and employees alike. These systems must be resilient in design and operation.
If we look at ‘Critical Infrastructure’, organizations spend an enormous amount of time, effort and money engineering for the ‘what-if’ scenarios, trying to eliminate routes and single points of failure. Unfortunately, with technology, there can still be issues, either internally or where an external dependency exists.
Ensuring the right levels of control, monitoring and response are in place plays a major role in providing confidence that the service being delivered is scalable, performing and highly available.
However, when other factors come into play, engineering for them can be incredibly difficult. Ideally, any new incidents that occur are in fact, new. They haven’t been seen before. Having a strong process around troubleshooting, communication and recovery can massively reduce cycle times.
‘Critical Systems’ are no longer just the core systems that generate cash for organizations. Technology is extremely interwoven with massive amounts of data being relied upon for near-real time and real-time decision making. Systems we used to think of as back-office are increasingly becoming even more critical in delivering end-to-end services. The ability for the entire organization to run effectively is now considered under this category, everything from Order to Cash, through payroll and on boarding of employees. The scope of this group of systems is widespread and puts a significant amount of pressure on departments who previously were not considered to be so important in the grand scheme of things.
The onset of cloud providers, technologies and outsourcers has enabled organizations to think differently. It is best to first focus in on core capabilities. What services does the organization provide that are materially important? How are they run and managed? Who is responsible for them and do we have a ‘burning platform’? Many questions and not a huge amount of answers can be found without really digging in and figuring it out.
I spend a significant amount of time with ServiceNow’s financial services community and regularly have conversations about who is doing what, or how does this type of organization manage this and so on. There is no silver bullet or answer. However, in meaningful and challenging conversations, we often come up with the ways and means that technology can help with the process and governance for a transformative program.
In my next blog, we will talk about how response is often as important as recovery.