The Financial Conduct Authority is launching an investigation into Britain's banks' IT systems after a raft of glitches hit millions of customers across the industry.
However, for some professionals, this does not come as a surprise.
So, IBTimes UK decided to catch up with Lev Lesokhin, executive vice president of strategy and market development at Cast, which has called out massive financial institutions on IT problems in the past.
Q: Will banks or financials ever invest enough to stop these glitches from happening again?
A: At the current rate, it does not look like banks and financial firms are trending towards anything near enough investment to tackle these issues.
There is a lot of emphasis on testing in most banks, with armies of testers deployed to ensure the systems perform as expected. This is an anachronistic approach, however, because there's a lot of change in bank systems and it's impossible to test everything.
The IT executives at the bank need to measure the structural quality of their software and take responsibility for it. This has not yet happened, except on the heels of loud, public disasters when someone needs to be made into the sacrificial lamb.
Q: So, it this the tip of the iceberg?
A: Very much so, I'm afraid. The systems we are using for day to day business operations at banks are only getting more complex, they are getting extended to new channels and these changes are occurring at an accelerating pace.
Without structural quality oversight, the risks that lurk in these systems will multiply. With web services, application programming interface (API)-based computing and cloud we are going to see the structure of current systems get stressed to such an extent that we will be seeing more and more erratic behaviour on the part of online banking systems.
Q: What are the top things companies can do now to stop this from happening then?
A: There are individuals within banks who know that there is a structural quality problem that incurs software risk.
The issue is that companies need to get organized around this issue quickly. The "do-gooder" individuals who know the organization needs to do better will not be able to marshal the organization to attack structural software risk.
The best way is through issuing policy - internal policy coming from the chief investment officer's office or the risk office to mandate structural quality risk controls.
Eventually, this will take place anyway in the form of regulatory oversight.
In the US, the Securities and Exchange Commission is already putting systems compliance and integrity (Reg SCI) regulation in place.
In Europe, the regulators are keen to introduce IT risk management oversight.
Companies can get in front of this movement by instituting their own controls and measuring the levels and trends of structural quality in the core banking systems and mission critical applications.
IT executives at banks need to be held responsible for doing their utmost to manage structural quality throughout the application development and enhancement cycle.