Large financial institutions can often be resistant to change; they may be limited by legacy infrastructure and high levels of internal bureaucracy. However, one of the biggest obstacles they have is their mindset when it comes to technological innovation.
Financial services is now a business that revolves almost entirely around technology, and this digitalisation has happened at speed. Customers expect always-on access to banking services and can quickly take their business elsewhere if these expectations are not met.
Digital-first ‘challenger’ banks and fintech are, by design, in the perfect position to address these demands. Many older, more established institutions have had to digitise their existing analogue services and struggled to adapt. But by learning lessons from these new market entrants, incumbents can adapt their culture and approach to technology.
A more agile, flexible approach
A key tool to support this cultural change can be found in DevOps. This is a term used to describe a set of best practices concerning the combination of software development and IT operations. It sits at the intersection of the creation of new software-based services and the actual deployment of these services in a real-world environment. It’s an agile methodology used by many technology-focused companies.
Introducing new products and services involves change. And as far as many large financial institutions are concerned, change goes hand-in-hand with risk. Banks want to upgrade their products but can’t afford anything to go wrong. A new service that doesn’t work or creates unexpected problems will have a negative impact.
So, the ideal scenario for a financial services organisation is to develop customer-friendly products with features that have genuine consumer appeal in such a way that they can be smoothly launched with minimal risk and easily managed on an ongoing basis. By using the principles of DevOps, this is possible. But banks that stick to the old way of doing things will struggle to achieve these goals.
Why the old approach is outdated
In order to manage risk, conventional wisdom used to dictate that it was best to bundle up a number of changes — whether new features, security patches, compliance or regulatory updates, and so on — and apply them all in a bundle at fixed times throughout the year.
But in life, as in technology, the smaller that you can make the change, typically the less risk there is associated with it. Also, the easier it is to back out and revert if you need to. Change is a lot less risky when it’s done in very small bite-sized pieces. And that’s the thinking behind the agile methodology associated with DevOps.
DevOps focuses on small incremental changes introduced on a rolling, regular basis. Typically, you would start with a minimum viable product in a live environment, then gradually introduce features and upgrades as they become ready. This minimises potential disruption — there’s very little system downtime and anything that doesn’t work can be quickly rolled back. Fixes can be applied before the feature is re-released, without compromising the organisation’s ultimate strategic goals.
Compare this to the old way of doing things where business-critical systems were taken offline for significant periods of time and rafts of changes introduced all at once. If anything went wrong, it was highly problematic to figure out what the problem was, whose responsibility it was, and how to roll it back. Taking a DevOps-style approach to technological development makes much more sense.
How banks can shift their cultural approach
The best way banks can set themselves up for future technology success is to focus on their cultural approach to technology development. When it comes to major projects such as overhauling and replacing legacy infrastructure, using DevOps principles will only lead to the outcomes you want if you can challenge the culture of change across significant parts of the organisation, capitalising on opportunities to change the way that technology is managed, delivered, and deployed within the wider business.
It’s important to ensure that key players within the organisation understand the benefits that DevOps principles can bring – and have them act as advocates for change. It’s vital to consider how your technological partnerships play into making this cultural shift too. Partners that share the same outlook and use agile methods that you want to adopt will be able to provide proof points that the DevOps approach works. It’s also advantageous to communicate the change in culture to customers in a highly evangelical way to ensure they buy into it. Staff, partners, and end customers should all agree that the changes being made are for the best.
Another consideration is how the organisational structure can be adapted to give ownership and responsibility for the impact assessment of changes to the people that have actually created them. A traditional approach to governance would see those taking the responsibility for change governance and decision-making sitting several layers above the people originating the changes. This is perhaps understandable given the potential impact of something going wrong, but the entire approach is flawed. Leaner governance structures are critical for the success of DevOps culture.
Measuring the success of DevOps culture
To ensure that this cultural shift is adopted in the long term, the progress and successes of the DevOps approach must be clearly communicated within the business. The big advantage of following this path is that you can measure outputs quickly and accurately because you are dealing with specific chunks of work on a regular basis. This allows you to change course along the way – you won’t end up doing two months of work only to realise that it’s not what you wanted, or that it’s not giving you the right results.
At its heart, embracing DevOps is about recognising the importance of deploying change as it’s ready. There is significant value in getting updates, whether security features or additional functions live and into a product as soon as possible. Updates aren’t hidden in bundles of change. This is fundamentally empowering for all involved and creates a virtuous circle of ownership and quality.
It’s also an approach that ensures high availability. In the world of payments, in particular, being always-on is very important in terms of customer experience. The growth of SecDevOps to the ways of working only embeds this further, ensuring that security principles are ‘coded’ in at inception and are not a secondary consideration later in the process.
In summary: Embracing change will lead to success
The pace of change in banking has arguably never been greater than it is at the moment. The pressure on long-established financial institutions is immense, with rivals old and new competing for their customers at every turn. Standing still is not an option, so incumbents must improve their existing services and develop new ones. If they don’t, they will get left behind. Times change, and so must they.
And it’s the approach that banks take to this change that really matters. It’s easy to get lost in the big picture, especially when thinking about what things will look like five or 10 years from now. In my view, taking a much more granular outlook to change is the best way forward for banks. By using the principles of DevOps and SecDevOps they can make change more manageable, empower their teams to deliver, and put themselves in the best position to compete in the long term.
Article written by Eimear O’Connor, Chief Operating Officer, Form3