Building operational resilience in financial services

Financial service providers operate some of the most critical systems that consumers and businesses interact with on a daily basis. Everything from buying a coffee to paying a bill or taking out a mortgage depends on continued access to a bank and its services. It is essential that these services are resilient and always available, otherwise financial services organizations not only risk losing consumer confidence, but could also breach the policy of industry regulators.

However, as the financial industry continues to become more innovative in its use of technology, with everything from open banking to contactless payment and biometric authentication becoming more widespread, the systems that power these services are also becoming more complicated. As a result, it is becoming increasingly difficult for IT operations and development teams to maintain the end-to-end view necessary to ensure that services are always available and provide a seamless customer experience.

Regulate for resilience

These questions have recently become even more relevant with the introduction of the new PRA Operational Resilience Policy. The policy requires financial organizations to identify their “significant business services” by considering how disruption to these areas could have an impact beyond their own business interests. For example, an hour-long outage in a central banking hub could have far-reaching consequences outside of the bank, ranging from delays in exchanging contracts on buying a home to consumers stuck in queues at supermarkets, unable to pay for their groceries.

Once their important business services have been identified, the policy requires financial providers to assess their operational resilience. In other words, they need a clear understanding of the organization’s ability to prevent, recover from, and learn from disruptions to important business services. It also requires them to set an impact tolerance for these services, specifying the maximum level of disruption that an important business service can sustain before it causes a risk to the organization or its customers.

At their core, the new regulations were designed to protect the wider financial sector and the UK economy from the impact of operational disruptions that could create situations like these. This is an important step to highlight the strategic importance of observability in the financial services industry.

More and more complex services

This faster pace of innovation has come at the cost of greater complexity in how financial services are designed, built and operated. Organizations have adopted a host of modern approaches such as multi-cloud environments, cloud-native architectures, and open-source code libraries to drive innovation and create new digital solutions. But while these have allowed banks to move quickly, they are also increasingly difficult to monitor manually. In reality, 67% of CIOs in the financial services industry say the complexity of their environment has outstripped the human capacity to manage.

This complexity has the potential to create blind spots that lead to disruptions to important business services if left unchecked. Without visibility across the entire technology stack, it becomes more likely that a software update to add a new feature or fix a vulnerability in a critical banking application could impact service availability. Limited visibility also makes it very difficult for developers to quickly identify the precise root cause of the problem and fix it, which means downtime can exceed impact tolerance.

To anticipate where these issues may arise and proactively resolve them before customers are impacted, finance organizations need end-to-end observability across the entire environment supporting their critical business services. By combining this observability with AIOps capabilities, financial service providers can identify any threats to the stability of their important business services in real time, making it easier to ensure their resilience.

Benefits beyond compliance

The new PRA policy only reinforces the fact that it is no longer a “benefit” for banks to have an end-to-end view of their technology stack – it is an essential requirement. At first, these regulations may seem like a heavy-handed approach to enforcing the need to monitor critical services and report disruptions. But in the long run, the results of these efforts will have a significant impact on the ability of financial service providers to differentiate themselves by delivering seamless digital experiences to their customers. If financial organizations see these regulations as an opportunity to improve the way they deliver IT services to the business and its customers, they will soon discover new ways to innovate and outpace their competitors.
