EU Report on Risks and Vulnerabilities in the EU Financial system


On the 2nd April, the EU released a report on Risks and Vulnerabilities in the EU Financial system, which focuses on the importance of robust IT systems for financial institutions.

The IT systems of financial organizations are becoming increasingly sophisticated. This in turn has meant that the operational risks have increased. The report states that “concerns are growing over the increasing persistence, intensity and sophistication of information technology related operational risks, including risks of cyber incidents and/or malicious attacks as well as accidental failures of IT systems”.

The report raises doubts about the future of IT budgets in financial institutions. It believes IT budgets need to be protected in order to ensure the robustness of IT Systems. The continued mergers and acquisitions of institutions within the financial sector, requires the integration of disparate systems across organizations. According to the report, the need to maintain legacy systems between organizations and developing heterogeneous systems is being neglected by financial institutions. In particular, the issues relate to the increasing volume of use, and the inability of existing IT systems to cope with ever evolving business and regulatory requirements.

The report recommends that the IT systems need to become more ‘agile’, so they can adapt quickly in a changing business and regulatory environment. In addition, the overall IT infrastructure needs to be able to adjust quickly to new threats and challenges. This is particularly important as more institutions become reliant on Cloud-Based technology.

Importantly, the report states that “pressure to get products to markets, particularly in the mobile space, is a source of risk as sufficient time to test before go-live dates is squeezed”. It also suggests that operational risks are not being correctly assessed. This is because business stakeholders lack the necessary ‘in-depth technical insights’ to effectively mitigate operational risks. The report is clear, these issues are leading to insufficient system resilience across the financial sector.

How can BDD help?

BDD enhances collaboration and communication between the IT development team and business stakeholders. By working together on the requirements for the development or maintenance of a system, many of the operational risks can be mitigated early on. As everyone has an input, including developers and testers, weakness in the system is likely to be identified at an early stage. This includes ensuring there is redundancy in the IT infrastructure to cope with potential growth in the volume of data and system usage.

By participating in the development of requirements, business stakeholders begin to develop the “deep technical insights” that the EU report recommends. They will also be able to identify potential external risks earlier, and ensure that the system is robust and resilient to regulatory and business challenges and changes. In return, the whole IT project team gain an understanding of what the business needs and why. This results in a better product, which can cope with evolving and increasingly sophisticated needs of the financial institution.

A key advantage of using BDD that it supports the agile development of the system, ensuring it can adapt quickly to any changes. Additionally, continuous delivery reduces the risks related to go-live dates being squeezed, as software is delivered more quickly and efficiently.

Using BDD can solve many of the problems identified in the EU report. But without an awareness of these risks within the business, financial IT systems will continue to lack the robustness that is vital for financial institutions to thrive and survive in the modern era of technology.

You may also like…