Posts Tagged ‘banking’

IT outsourcing in the banking sector – what’s the big deal?

July 10, 2012

It is no surprise for those who work in the technology and banking sectors: banks often make large use of outsourcing and managed services for their IT. It is a cost-efficient solution that can help them remain competitive within the market with easy access to the best skills, technology and processes available. However, banks tend to be wary of announcing this practice to the world as they fear customers will think their personal and financial information may be put at risk, and won’t trust them with their money.

Since the NatWest/RBS/Ulster IT glitch became public there has been a lot of speculation around the origin of the issue. The banking group has tried to remain vague while focussing on reassuring their customers, while people took to online forums and social networks to make accusations towards the bank’s IT management and sourcing choices.

The banking giant was in fact accused of hiding the fact that the problem was possibly linked to their use of offshoring, as recent job ads for the support of one particular system which was thought to be the cause were found on recruitment websites in India.

But if the glitch had been caused by an in-house team member, would it have caused less of a reaction? What about an in-house IT Service Desk, but managed by an external service provider? Rather than pointing fingers at ‘outsourcing’, the real issue might be ‘bad sourcing’ or ‘bad IT management’. As this example might have shown, offshoring to save money might actually create more costs due to many factors, such as cultural differences, lack of control, different laws related to data security, and so on. A managed service, where IT is retained in-house and simply managed by a trusted third party, can be a much safer option.

Perhaps if there was more information on outsourcing, customer culture could change and they, too, could start to see outsourcing like a good thing, an improvement, a cost-efficient solution rather than a threat.

A recent survey by the National Outsourcing Association (NOA) found that 80 per cent of UK citizens believe ‘outsourcing hinders British businesses’. However, only 27 per cent of UK citizens associated ‘a local computer company providing IT support to small businesses’ with ‘outsourcing’, while 58 per cent thought ‘a bank opening a call centre in India’ was an example. This clearly means that outsourcing is mainly associated with offshoring, which is only one possible way to outsource a service or function. But there are many other, safer solutions that still use UK resources, such as managed services, co-sourcing and shared services – some even allow the organisation to keep staff in the same office.

So on one side, banks should probably be more transparent on their use of IT outsourcing, so that customers can get used to the fact that its use is quite common. It is important for bank customers to know where their data is stored, who has access to it and what the risks are.

On the other, it is important that people are being made aware of what outsourcing is, what types exist and what benefits this practice can bring. Banks should clearly explain what measures are in place to ensure their personal and financial information is not accessed, stolen or lost and why using an outsourced or managed service can be a benefit for them as well, improving their banking experience by maximising the skills and services of outsourcers.

 

Jon Reeve, Principal Consultant

This article appeared on Director Of Finance Online:

http://bit.ly/PAAeia

Advertisements

The peculiarities of Metro Bank’s IT outsourcing model

October 20, 2010

Recently-launched Metro Bank has made headlines these last few months for more than one reason: it is the first high-street bank to launch in over 100 years; it follows a retail store model, offering longer opening hours and no weekly closing day; and virtually all of their IT is outsourced to a Managed Services provider.

The news of a bank outsourcing its IT does not come as a complete surprise, as many banks outsource certain functions such as software development, IT Support etc. There are elements of novelty in this choice, though – for instance the fact everything but security and the local networks and terminal devices is being outsourced, which puts a lot of technology in the hands of the provider. It is also unusual that they have chosen a new provider, niu Solutions, which is a merger of four different IT and telecom providers and has little track record as a unified company. And finally, what is most interesting about Metro Bank’s set-up is that they are using a new ‘pay-as-you-grow’ Managed Service model that is highly-virtualised, flexible and scalable – something only a start-up is likely to have considered.

Some publications reported that the bank is using cloud computing, but they are probably mistaking the somewhat flimsy term with plain virtualisation. This is not a shared service – the bank has paid upfront for the hardware and has employed the provider to manage their systems, which run remotely from two data centres in the UK.   While it’s likely that the provider will be looking to add customers to the model, there’s little doubt that Metro will insist upon a high degree of separation of “their” equipment in the provider’s datacentre to help minimise security risks.

With any financial firm, but particularly a retail bank, information security is an overriding concern.  As well as the detailed personal and financial records they hold for their customers, there is also concern about who has access to the various financial systems that are used for recording and executing financial transactions.

Locating kit at a provider’s premises introduces a transfer of control issue, but Metro bank will mitigate that by ensuring data at rest is encrypted, and that the right security standards are enforced at the provider’s datacentres.

Clearly it is in the provider’s interest to supply a good and secure service to retain their clients and their reputation, and the advantage of dealing with a supplier is that roles and responsibilities should be clearly defined and contracted.  This is in contrast to relying on internal staff – the assumption might be that this improves security, but it also introduces the risk that there is less formality and, consequently, fewer proper control measures.

The biggest concern in a modern bank is logical security, rather than physical. Access to accounts and key financial systems will be highly restricted and audited. Since operational security at Metro Bank is retained in-house, the risks of a provider’s rogue employee having the level of access necessary to steal data or using the system for criminal purposes is relatively low.

A concern in any outsourcing arrangement is the financial stability of your chosen partner.  Such concerns would be particularly acute for Metro Bank as there would be serious repercussions if, for example, a company failure meant it couldn’t get access to its systems.  Clearly Metro will have done its homework on its chosen provider and insisted on various safeguards and insurances.

The new ‘pay-as-you-grow’ model appears to be convenient especially because of its scalability potentials – after an upfront payment for hardware, the bank pays a cost per user and increases its spend as the client and user base grows. With any new venture, it can be difficult to predict what the level of growth will be, and by adopting this model Metro will only pay for the growth as it’s achieved – rather than needing to make significant upfront investments to ensure growth isn’t hindered. Also, by leaving IT to the experts the bank is able to concentrate on customers and operations without having to worry about IT availability and support, sure of getting a high quality service thanks to SLAs.

This model is certainly interesting, but needs to show it can work in order to gain more trust among both banks and bank customers, and therefore be embraced by a larger number of companies. Retail banking is a better candidate for the model than, say, Investment Banking where the breadth of systems typically used and high-speed real-time requirements for data delivery might deter the organisation from being so bold. Nevertheless, this innovation can create many benefits from a business point of view: if this model manages to work over time, it could create many more opportunities for service providers to enlarge their range of work, and for banks to embrace cost-efficiencies that will enhance their competitive value and, ultimately, their potential for success.

Adrian Polley, CEO