The Financial Conduct Authority (FCA) introduced a Senior Managers Certification Regime to ensure that COOs and/or CIOs sign-off to guarantee that internal operations and technology are robust and fit for purpose.
Workload Automation is one of the most critical technologies in the banking industry, delivering critical business processes on a 24/7 basis.
Before CIOs sign-off with the regulator to guarantee that their core Workload Automation systems are resilient, they should consider a number of issues.
Here is a list of these important issues and questions for your serious consideration:
Is your Workload Automation infrastructure safe, stable and worthy of SMF24 sign-off?
The Workload Automation market is mature and typically ‘runs-like-clockwork’ and as a result in-house Workload Automation administration, development and support is finely tuned, with cut- down staffing. This means limited internal capability to cover system failures.
Don’t expect the cavalry to arrive in the form of vendor support either; many Workload Automation vendors have shifted their development efforts to other products leaving skeleton development and support resource.
All of which means major potential exposure in case of a Workload Automation system failure or a major system upgrade.
At many financial institutions the main focus is reduction of running costs of infrastructure and core systems. A stable Workload Automation system is a common candidate for cost reductions, but the risks can be high.
Skills and numbers of Workload Automation (internal or outsourced) support resources -need to be considered. There must be the right numbers of appropriately skilled support to handle all contingencies.
An absolute necessity is a holistic strategy to mitigate operational risk – covering and including internal support, outsourced support and the vendor’s support. The end-to-end support model must work.
How Does a Workload Automation Outage Affect your organisation?
Financial Institutions rely on Workload Automation on a 24/7/365 basis - even a 10 minute outage can cause significant losses, and long outages result in huge financial and reputational losses.
In 2014, the BBC reported that a major British bank had been fined a total of £56m by regulators after issues arising from a failed Workload Automation software upgrade in 2012 left millions of customers unable to access accounts. The bank’s significant outages resulted not just in fines but, more importantly, in damaging reputational loss.
CIOs need to review their Workload Automation Systems
Workload Automation is the lifeblood of enterprises across all industries running their critical business processes on a 24/7 basis.
Workload Automation platforms in Financial Institutions are typically considered stable, so management typically concentrate on reducing costs of administration and support.
For Financial Institutions, employing experienced Workload Automation consultants is expensive, and there are always more affordable options including outsourcing and offshoring.
Similarly, for software vendors, employing experienced Workload Automation product managers, developers and support staff is costly, especially when the products are considered stable and have a limited development roadmap.
We help CIOs Review their Workload Automation Options
1. Vendor Review
Product roadmap - is the product still under development or has it - in IBM’s phrase – been functionally stabilised? Could patches be created and distributed in a timely fashion if needed?
Vendor commitment - does the vendor have a strategy for expanding their user base, or is the product simply a cash-cow to be milked for maintenance and support renewals?
Vendor support - does the vendor have the intention and capability to assist customers in the case of outages or major upgrades when internal resources cannot cope? Is your version of the product currently supported by the vendor?
2. Support model review
End-to-end support analysis – does the current support model effectively mitigate operational risk, by covering and including adequate internal support, outsourced support and vendor support?
Summary and Next Steps
The 2008 Banking Crisis established a need for greater regulation of banks and testing their resilience to failure. Stress tests are applied to the banks’ commercial operations and the Senior Managers Certification Regime is a logical extension of this rigour into the core systems area.
Before CIOs sign-off with the regulator to guarantee that their core Workload Automation systems are resilient, they should consider whether the vendor is invested in the ongoing development and support of the WA product. It is my observation that there appears to be a huge disparity in the vendor investment in development and support.
Sadly we are sure to see further failures in the future, and lessons will be learnt.
What we recommend customers do now is minimise their risk, by undertaking the following steps:
Undertake a ‘fit-for-purpose’ review of your current Workload Automation platform:
- Review the vendor’s roadmap.
- Review the vendor’s ability to deliver future changes.
Undertake a review of the end-to-end Workload Automation support capability:
- Review the expertise of your internal and outsourced Workload Automation support team.
- Review your Workload Automation monitoring, heath-checks, capacity management. functions. Is your Workload Automation administration and operation robust, optimised and automated?
- Review your procedures for undertaking Workload Automation upgrades.
- Test the in-house ability to react to a Workload Automation outage.
- Review the vendor’s ability to provide rapid high-quality technical support. Do they retain enough dedicated support staff to provide 24/7 support. How quickly do they respond to your support requests?
Satish PatelChief Operating Officer Extra Technology
Copyright © Extra Technology Ltd. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.