Banks are racing to comply, but data and performance challenges loom
PSD 2 By the end of January, new rules governing payments, trades and transactions will be effective. But few organisations are prepared for the unprecedented stress that the new requirements will put on the banking infrastructure.
It’s crunch time in the banking industry as the countdown begins to the dawn of a new regulatory era.
In order to meet next month’s deadline for the implementation of the Markets in Financial Instruments Directive II (MiFID II) and the Payment Services Directive II (PSD2), banks are adding new layers of complexity to technology environments whose size, scope, and interdependencies already create significant challenges. Complexity breeds performance problems though. Rank and file developers are increasingly asking whether their teams will be able to detect and resolve issues before they impact business objectives.
Challenge 1: Delivering good data faster
Most organisations are understandably focused on the immediate deadlines. MiFID II takes effect on 3rd January, followed, two weeks later, by PSD2 on 18th January.
"MiFID demands some transactions (that were once reported on a monthly basis) must now be reported within minutes."
To achieve increased investor protection and transparency, MiFID II requires more detailed and immediate transaction reporting. In some cases, transactions that were once reported on a monthly basis must now be reported within minutes. In addition, banks must show that transactions have been made in the best interest of their clients. In practice, this means IT organisations must find ways to quickly extract data that currently exists in data stores across multiple system layers and bring it together while ensuring its integrity.
The challenge facing most organisations is that their existing infrastructure was not designed to cater to modern regulations.
A detail as small as inconsistent data IDs can create a significant stumbling block. To get around the obstacles, developers are writing new code and even creating systems on top of systems. This will get their organisations to the go-live dates, but what will happen after that? Transaction volume can be expected to spike unexpectedly. Unforeseen glitches will lead to slowdowns or outages. During these times, banks may find themselves unable to meet their regulatory deliverables, or worse, find that their customer experience is negatively impacted.
Challenge 2: application programming interfaces
Like MiFID II, PSD2 will depend on the flawless interaction of multiple, existing systems that were created for other purposes. For the first time, banks will be required to open up account information to third parties to encourage innovation. The mechanism for implementing PSD2 is more than half a dozen application programming interfaces (APIs). As the name implies, APIs make it easy for one application to interact with another application.
At the surface, APIs appear refreshingly simple. However, that’s only because IT teams are busy underneath doing the heavy lifting to create and maintain the new APIs and the systems they rely on.
The risk of performance problems is high. At this stage, the day-to-day usage of PSD2 APIs is very difficult to predict. At any given moment, dozens of internal systems could be receiving requests from multiple PSD2 APIs. The demand triggered by a successful third-party marketing campaign could easily create unexpected performance problems with a cascading effect on the user experience. The damage will be intensified by the ease with which customers can switch to a new bank whilst still being able to use the same technology. It is well documented that banks that are slow to address issues can expect to lose customers. For example, 80 per cent of respondents to a recent Attention Span Survey said they deleted an app because of poor performance.
Challenge 3: Reducing regulatory risk
The picture for unprepared organisations is grim, but it needn’t be. In recent months, we’ve been working with financial services organisations to help them understand how a unified application performance monitoring (APM) solution can reduce some of the biggest risks associated with the new regulatory environment. Above all, it is important to recognise that disparate monitoring, alerting, and log aggregation tools are likely to fall short. Organisations need the end-to-end visibility provided by a unified solution to ensure speedy root-cause analysis and minimise downtime.
Faster, proactive issue identification and accelerated mean time to resolution (MTTR) are among the top reasons for adopting unified APM.
"IT departments are right to be concerned about the impact of real-world loads once the regulations take effect."
But the benefits go deeper. Certain solutions can help organisations meet MiFID requirements without building huge data warehouses. Instead of rolling out a new system with new points of failure, applications can enable organisations to unlock the business data within transactions and correlate that data with technology performance. Parameters that ensure transactions are being made in a client’s interest can be visually tracked on a dashboard. And, unlike alternative solutions, the value is usually seen within days rather than months.
Solutions such as AppDynamics Business iQ also remove the guesswork from understanding the performance of new PSD2 APIs. On the one hand, they can alert IT as soon as any problem – or potential problem – is detected in the systems that support the APIs. On the other, they can deliver real-time data on how the APIs are being used far quicker than any historical method using business analytics — and further correlate with technology performance.
IT departments are right to be concerned about the impact of real-world loads once the regulations take effect. By providing them with the tools they need to manage performance now, before the regulations take effect, organisations will minimise risk — and maximise resiliency.