FIN.

FCA reports on technology risks and mitigation

FCA has published the results of a multi-firm review that looks at how firms implement technology change and how to deal with problems that result.  The review looks particularly at the consequences of the pandemic, which has meant firms have had to implement change quickly but of course they do not always go to plan.  FCA found that failed technology changes are one of the main causes for operational disruption within firms.

The report says strong governance and risk management strategies are key.

The report looked at key factors that contribute to change success and failure, and how firms govern, build and deploy change as well as how infrastructure impact it.  FCA concludes that as well as strong governance and risk management, the firms that fare better are those with large enough budgets for IT change and make frequent releases, and who have a good microservices architecture and agile development methodologies.  Firms who lack visibility of third party changes, and whose change management processes rely heavily on manual review and action are more likely to face issues, and major changes are twice as likely to result in incidents than standard changes.

Firms recognised that it is important to have well tested roll-back plans to address the risks of customer harm.

Among the other issues highlighted are that firms’ “change advisory boards” often do not challenge any decision, which minimises their effectiveness, and that many firms are working with old system architecture, which has been patched many times.

 

Emma Radmore