Banking faces a wall of IT debt, Tietoevry thinks it can break through

Banking faces a wall of IT debt, Tietoevry thinks it can break through

The financial sector is one of the most critical industries on the planet. However, many banks are operating with a huge weight on their shoulders: antiquated IT. How do they overcome this issue and manage to innovate when customers expect the world of them? We discuss it with Valdis Janovs, who served as Head of Instant, Retail Payments and Cards at Tietoevry until very recently.

A short background on Tietoevry first. The Finnish Tieto and Norwegian company EVRY merged in 2019 to form Tietoevry, currently based in Finland but active throughout the Nordics, Baltics and various other EMEA regions. The company offers a broad range of financial services and products, including the backend for instant payments, cards as well as many offerings tailored to specific industries. Many of these areas of expertise originated from mergers and acquisitions throughout Tietoevry’s 56-year history.

“We are helping banks to modernize, to advance their payment institutions and possibilities”, Janovs states, speaking to us shortly before his departure was announced. Globally, it is offering “a completely productized business”, he says, “meaning that these are off-the-shelf products”. In one live implementation, it is supporting over 40 million debit and credit cards. In total, this platform alone works with around 100 banks and third-party processors worldwide and processes over 20 billion transactions a year. More than 200 million people use Tietoevry’s platforms daily.

Modernity versus antiquity

Valdis_Janovs_VERDE_14.06__MartinsGoldbergs-125 (1)
Valdis Janovs, former Head of Instant, Retail Payments and Cards at Tietoevry

Tietoevry, then, is well-positioned to tell us about the issue we’ve illustrated. And there’s plenty to talk about. “We’ve noticed that the platforms we’re developing are extremely modern compared to many banks we’ve met, especially in western Europe and the Nordics”, Janovs says. This need not surprise many. As early adopters of IT, many financial institutions took to tech in the 1970s and 80s.

Janovs points out that some modernization took place in the 90s, but thereafter, the sheer complexity of the task grew to be insurmountable for many. Given compliance needs and the impossibility of meaningful downtime, rip-and-replace was and continues to be off the table.

This is a multifaceted problem. Any new payment solution or card faces a byzantine testing process. “There are many interdependencies”, as Janovs describes it modestly. And we haven’t even mentioned an ever-diminishing amount of expertise in the many dialects of COBOL that ancient banking tech is often programmed in…

Right off the bat, then, banks “measure ten times and cut once”, Janovs says. Change means risk. But change is necessary to meet customer expectations, he points out, which are: “Multiple digital channels, completely digital workflows. That includes onboarding [i.e. opening an account] and real-time processing of everything.” No time for batch processing during off-hours, then. The time of day is now expected to be irrelevant, Janovs says. This makes the continued use of antiquated IT ever tougher to stomach.

This isn’t new, by the way. Janovs highlights how instant payments, fuelled by the explosion of mobile apps, have been a staple for over ten years now. This means having a core architecture that is always up and running. “For many banks, that’s a challenge. And the biggest challenge is to ensure the payment not only comes in, but can be used immediately for something else.” It just so happens to be the case that Tietoevry knows how to get past this barrier.

Why Tietoevry?

As mentioned, Tietoevry’s systems have to support tens of millions of cards, all being used for payments multiple times per day, anytime, anywhere. Thankfully, its offerings sidestep the COBOL-ridden IT that banks may still use internally. “We don’t really care about the coding language they use, because our products are cloud-native, cloud-ready. We run on Unix, Oracle databases and microservices on some of the cloud deployments.”

How come Tietoevry isn’t having to delve into ancient programming paradigms to get its modernization done? You’d perhaps expect them to, given the fact such initiatives are usually held back internally due to this incurred technical debt. “When we are starting these migration projects, we need to analyse the source data, but not the language it’s coded in”, Janovs says. “We need someone who is able to explain the business logic or the business needs on the bank’s side. Then we’re able to take the data, transform it and load it into the new platform. We’ve done this several times.”

The kicker here: all of this is about reducing risk. Banks will no longer rely on the expertise of a limited few (many of which may be past retirement age) and instead move their operations elsewhere, translated into a modern verbiage of Kubernetes, IT best practices and cloud adoption. “We are eliminating the old systems from the workflow.” Any number of new interfaces will offer internal employees the same functionality they’re used to. Obviously, they’re designed to be PCI and SSF compliant as required by law. But also: “One of our value adds is that we’re regionally compliant too”, Janovs states.

No cloud worries

As a critical industry, the banking sector faces much more than compliance needs. Cybersecurity threats are ever-present. Tietoevry offers best-of-breed in these areas, Janovs says. There are plenty of internal and external pen-tests on top of certificates and standards such as ISO 27001. In addition, Tietoevry offers its services in a SaaS, public cloud setting. This isn’t limited to but focused on AWS, while Azure is also an option. It’s given Tietoevry the “in-built security layer” these clouds offer as well as allowing the company to “excel in automation”, as Janovs puts it.

Tietoevry has been adopting the cloud for the better part of a decade. This was borne out of a simple need to run more efficiently. The automation of deployment through Ansible and Terraform has been a particularly pleasant advantage over the old on-prem setup, which also featured the endless drudgery of maintaining hardware. A number of services run through Azure, which was Tietoevry’s first public cloud platform. “For our payments and cards offering, we’ve found that AWS offers more benefits”. The company’s therefore not locked in to any specific vendor.

This cloud adoption has proven to be a success, and emphatically so during Covid when remote development became a necessity. Tietoevry also co-innovates with multiple cloud providers through strategic agreements.

Another advantage for customers is simply that adoption is much quicker than before. A card management system used to take maybe two years to implement, Janovs says. Now, given certain preconditions, a SaaS offering can be installed within a week and certification can start quickly for a full rollout, which inevitably takes some time. However, at that point, we’re not talking about a technological limitation anymore. “You can click ‘install’ and it sets up all the Infrastructure-as-Code in the public cloud.”

Compliance troubles? Not so quick

Some banks may be hesitant when they hear “cloud”. But Janovs believes they need not worry. Moreover, they ought to think the opposite, he says. “Security is in a much better place in the cloud than when you’re building your bespoke systems in-house or running some kind of private cloud setup. Banks don’t always realize that their teams of, say, 15 or 20 security specialists will not be able to do more than the hundreds of AWS or Azure employees focused on this area.” On top of that, the latter group is tasked with engaging cyber threats on a vast scale and in continuous motion, often equipped by the latest information from partnered or internal threat intelligence personnel.

‘But what about a sovereign cloud?’, some will ask. Wouldn’t the prized personal data of EU citizens be up for grabs by U.S. authorities if they wished, given the particulars of the CLOUD and DATA Act? The uncertainty seems to linger, and it has done so for a while. “That is a journey yet to be accomplished”, Janovs admits. This is really the answer we’d have expected, as even the EU seems not to know. Various laws simultaneously limit the use of American-operated public clouds as well as allow for their adoption through technicalities.

However, Janovs is adamant: “This is not a concern. The reason is that all cloud providers we’re working with allow for regional data processing, which is governed by very strict agreements. We know where the data is, basically.” It’s actually when Tietoevry engages with developing economies that it sometimes encounters trouble owing to stringent data laws. In such an instance (or for some Europeans still hesitant), an on-prem implementation is still very much possible.

Conclusion: a need to turn the page

It has taken some banks ages to modernize. While understandable, modern needs are forcing their hand. Thankfully, it appears the task in front of them isn’t quite as circuitous as one might think. Perhaps internally, there will be shoddy attempts to turn COBOL into Java through AI, as IBM has suggested. This is no panacea, as one needs to look at the basic business needs and processes. Those need to stick around for business continuity needs, but they can indeed be replaced wholly.

So, in conclusion, what kind of a migration are we talking about? Tietoevry ultimately maintains business processes while replacing the foundation altogether. In effect, it’s a migration without having to unpick the exact functionality of each line of code – that may still be something banks have to do on their own time if critical behaviour is to be maintained. Nevertheless, to offer new products one needn’t go that far. That’s where Tietoevry can provide aid instantly.