Silicon Valley vs. Wall Street: How Banks Keep Up with Tech Leaders
High levels of regulation are a central feature (and a key source of whole-face migraines) for the banking industry.
The fiddly niggle is that regulation creates hurdles to the glorious flow of software features that might reduce their customers’ cortisol levels by making their life admin easier or simpler; a trick that Silicon Valley’s darlings have got sewn up like digital kipper.
Yet banks are expected to deliver applications and services that live up to Silicon Valley standards. If they don’t, the banks will find their enervated customers jumping ship to a competitor that better scratches their financial itch.
For this reason, banks today have two choices. They can either modernise their software delivery in ways that keep it both compliant and up-to-speed with the latest technology, or they can fall behind.
In this post, I outline the ways in which banks can leverage the innovation of Silicon Valley to deliver better software faster, while continuing to meet the complex regulatory requirements that govern the banking industry.
No Excuses
What financial services banks offer the consumer is never a surprise. Services like current accounts and investment instruments are packaged and presented in creative new ways, but the basic offer never changes. They're all selling the same shtick!
Which means competing in financial services is going to take something above simply having the best rates or most convenient ATM locations.
Instead, banks must win at the customer service level.
And because service is leveraged via applications more than in-person, the banks must understand what it takes to build great applications that their users 1) love don't hate, and 2) help (even slightly) to shrink the maelstrom of complexity that modern life involves.
These user applications are not necessarily subject to the same compliance and governance that other tools are, but they are driven by these backends. And these backends (some of which are so old they were around before Friends was a thing) are impossible to change overnight.
What the Valley Offers
What Silicon Valley knows very well is how to release applications so good that users will prefer using them over talking to their loved ones, and how to update those applications to customer demands rapidly. They focus on automation and results, and make sure that the barriers are addressed head-on.
So how do banks reconcile what Silicon Valley has taught us about faster application releases at a higher quality? And how do they ensure they can deliver the same level of service without breaking any rules or laws?Turn It On Its Head
While the chief argument in adopting modern development practices in financial services is that it will harm governance and compliance, the opposite is true. The automation and tools that DevOps and the Silicon Valley bring banks actually help in the following ways:
- Compliance: Usually compliance is considered a front-loaded activity. But rules change, which means what was compliant when you built an app might not be later. Traditional development practices would handle this with a Waterfall development method, and regain compliance in months. With DevOps development practices, the appropriate response can instead be levied in days.
- Governance: Change control and implementing governance should not be front-loaded either. It should be ongoing. The systems that determine the rules should be built into the software delivery chain. When code is shipped, frameworks and libraries are automatically checked against accepted license databases and organisation rules. Documentation happens in real-time via version control systems and automation processes. Scripts in infrastructure-as-code provide a current and detailed documentation of system architectures. All of this actually makes governance more accurate, not less, and more responsive than ever before. The act of sitting down to manually document and check everything after a system has been implemented should not occur!
- Security: There are two ways to address security concerns: 1) prevent problems from ever happening, and 2) have the best systems to respond when they do. Traditional security experts put a lot of faith in the fact that they can prevent security issues. But, beyond zero-day security issues, all possible exploits in the future are impossible to predict. That is why modern systems use prevention as a design pattern in application architectures and release automation processes, and put a huge emphasis on how to respond. Modern infrastructure actually supports better security by leveraging things like immutable containers, where changes are limited and which, if exposed, can be quickly destroyed and replaced.
- Competitiveness: According to a recent Accenture survey, 18% of millennials switched their primary bank in the last 12 months, which means delivering poor applications has a direct impact on churn. Keeping your customers’ attention in an ever-demanding ecosystem means you can prove that you can deliver high-quality applications, and have a good development cadence. There is simply no excuse!
Hark, the DevOps Angels Sing
There is a theme to all of the above. In banking, the objective has been to get everything right up front. This objective has framed processes, talent, applications, and is entrenched in the culture.
The problem with this approach is that the day applications are launched, they are fit-for-purpose, but they age very quickly, and the traditional software delivery process of banks is not designed to keep the necessary changes coming.
DevOps, by contrast, is literally measured by the velocity and volume of change that can be put through a system; it’s built into its processes.
When DevOps was introduced by the unicorns in Silicon Valley about ten years ago, the concepts were what the banking industry sought as well, but neither the tooling nor the culture in banking were ready to take it on.
Fast-forward to the present, however, and the practices and tooling of DevOps are sufficiently evolved – and the need for banks sufficiently urgent – to allow banks to deliver software faster and better while remaining compliant. Agility and adaptation are built into the modern DevOps process—and that’s exactly what banks need to stay competitive in the brave new world that Silicon Valley dominates.