opinion
System quality: an IT problem, or a wider risk consideration for financial institutions?
Quality Engineering within mission critical systems should not be seen as an overhead or an irritant. It should be seen as a fundamental element of ensuring the risk profile of the institution is effectively managed.
Associating the need for change with the evolution of financial services practices is entirely reasonable. The trading rules, initially established within the confines of traditional trading floors and simplistic technology, became inadequate in addressing the transformative impact of advanced communication methods and highly complex algorithms. Consequently, the industry underwent a substantial transformation.
The regulations governing financial instruments, originally not equipped to handle the intricacies of derivatives in the past decade, underwent thorough reconsideration and rewriting. In certain countries, there has been a notable shift, with Senior Managers being directly and personally held accountable. This move eliminates any ambiguity surrounding executive responsibilities and underscores the potential personal liabilities faced by those officers affected by these changes.
In looking at the next stages of evolution of the financial services industry, the move to digital platforms, the growth of FinTechs and the closure of branches are changing the face of retail banking. Banks are moving away from the traditional model to one where clients are served by technology rather than people. The adoption of chatbots and increased use of artificial intelligence will only serve to accelerate this process further.
The blurred lines between operations, risk and IT
For some time, there has been a blurring of lines between banking operations and computing. In fact, certain people within the industry have made the claim that banks are, in essence, massive IT organisations operating under the traditional bank brand.
If we accept this principle, then is it not reasonable to accept that the testing and assurance of IT systems in financial services should be a matter for a Chief Risk Officer, rather than the technology organisation? The dependency on technology is now absolute, and the risks associated, if not quite existential, are massively significant. This is more than reporting on the status of technology within a subset of governance; it is a shift in where the onus lies.
Too many organisations still pay lip service to Quality Engineering/Quality Assurance. Within some major financial services organisations, the choice on how and when to test is still decided at project level, rather than as a core part of organisational strategy. Additionally, the misconceived view that testing the solution will result in a high-quality solution often misses the point: without the correct forethought on scope, on the operational use of the solution and ultimately on what the right solution is, a high-quality solution is missed or achieved only after considerable shifts in timelines or costs. The result is a legacy of mocks, stubs, and other pieces of code, often built by contractors, that deal with individual elements of the process, but which sit outside of a connected, holistic approach. Even worse, there are still organisations that are effectively testing in production, which given the associated risks is an astonishing realisation.
Preparing for the RTGS 2025 deadline
The financial services sector is currently undergoing a significant change as it prepares for the Real-Time Gross Settlement (RTGS) deadline of November 2025. The urgency of this transition is heightened by the introduction of the richer, more complex ISO 20022 messaging standard, which further underscores the necessity for highly robust testing practices. Failure to rigorously test before the full implementation of RTGS carries severe consequences at an organisational and individual level. Operational disruptions, financial losses, and reputational damage are potential outcomes that could significantly impact the stability and standing of the institution.
Technology – the essential cornerstone of operational resilience
Surely, technology within a financial services organisation should be treated as an operational resilience issue, and not just at an availability level through the DORA legislation or as defined in the FCA’s PS21/3 policy statement. Quality Engineering within mission critical systems should not be seen as an overhead or an irritant. It should be seen as a fundamental element of ensuring the risk profile of the institution is effectively managed. Organisations need to consider moving Quality Engineering, including testing, from the IT division itself into a risk-focussed team that polices testing: developing strategies, defining proper end-to-end test infrastructure, and working with partners to develop efficient and consistent quality assurance models that address not only the needs of a project, but the needs of the organisation as a whole.
The days of seeing quality as something protected by simply throwing enough offshore resources at the issue have surely passed. Though offshore models still have a part to play, they are not a panacea, and that needs to be reflected in how banks engineer their future quality models. In the longer term, successful financial institutions will not address the issue of testing at a project level, or even a programme level, but as a core part of organisational risk.
Despite this, studies from Celent have found that 37% of large banks believe they won’t meet the November 2025 target and 25% say they will need help to meet the deadline or rely on available stop-gap measures. Only 3% of corporates expect banks to be 100% ready, suggesting client confidence is extremely low ahead of this pivotal transformation.
As we stand at the precipice of this transformative shift – the RTGS deadline and the implementation of the ISO 20022 messaging standard – the urgency for robust testing practices has never been more critical. It is time for those in the financial services sector to acknowledge that technology is not simply an operational or compliance matter, but rather an essential cornerstone of operational resilience.
Quality Engineering, particularly in the realm of mission-critical systems, must transcend its traditional confines within the IT division and find a new home in a risk-focused team. The days of peripheral attention to quality, relegated to project-level decisions, are over. Financial institutions must recognise that quality assurance is not a mere overhead; it is a fundamental element of effective risk management.
For those who fear they may not be ready to meet the impending deadline, be it the RTGS deadline or any other critical transition, Roq is here to help. The path to a resilient, technologically adept future in the financial sector requires a fundamental shift, and Roq is here to help pave the way.