Understand the risks of existing tech debt
Until it’s subject to a rigorous analysis, managing tech debt is similar to managing other kinds of risk: You don’t know what you don’t know. That’s why we ask organizations to take inventory of their tech debt and prioritize it based on the organizational risk it presents. That risk comes in three broad categories: regulatory, financial and reputational.
- Regulatory risk: For capital markets firms, there is a competitive advantage to being able to comply with regulations more quickly and cleanly than the competition. One major bank was recently fined $136 million because they weren’t accurately reporting loans to regulators. Why? Their core business was in legacy systems, their reporting capabilities were in the cloud, and the two weren’t integrated well. They had tech debt sitting in between their two worlds.
- Financial risk: Workaround integrations can lead to financial loss. They can prevent positions from being displayed correctly and can cause errors or lags in reconciliation. That makes it much more difficult to hedge a risk or to understand changes in accounts and positions.
- Reputation: Tech debt can create headline-level risk to a financial institution’s reputation: In one recent case, a major institution was investigated for doing business with a Russian account, even though that account had raised a red flag on the institution’s online trading subsidiary. It's likely that the institution's know-your-customer and anti-money-laundering infrastructures were not fully integrated.
More commonly, reputation risk comes in the form of a bad customer experience. Tech debt can make a mobile app unreliable, making it difficult for clients of wealth managers to access their portfolios. In rare cases, such hiccups can even cause a system outage.
Prevent future tech debt
As important as it is to strategically refactor existing tech debt, it’s also important to minimize the amount of tech debt created in the future. Governance and leadership are critical here.
When organizations have hundreds of applications that need to be modernized or moved to the cloud, it’s imperative to have a strong team leading the initiative. Modernization and migration need to be run as a program, not a series of one-offs. Ideally, this team works across business, IT, compliance, risk, legal and corporate functions to get everyone on the same page, and to establish a shared vision of the future state.
That group can also create a holistic consolidated roadmap across the organization’s ecosystem. That’s useful to internal stakeholders and to regulators concerned about a firm’s ability to modernize and meet regulatory requirements.
The alternative is that applications get modernized – or not – based solely on a business perspective. Each application owner decides if, how and when their application is going to modernize or migrate. But when dozens or hundreds of application owners are able to ignore the advice of their cloud champion, strategy leader, or architect, the result is often an explosion of tech debt – creating unnecessary risk that endangers both the organization’s business results and its reputation.
Ripple Bhullar is Executive Vice President and head of U.S. Capital Markets for Kyndryl.
Raj Bhatti is a Kyndryl Consult Partner
More to the story