When tech debt reaches a tipping point – and how to manage it

By: Ripple Bhullar and Raj Bhatti

Tech debt spares no one: Sooner or later, every enterprise acquires it. Tech debt is mainly the inevitable byproduct of forward motion. Any creative person staring down a tough deadline will devise shortcuts to help meet it. The organization may then be left with glitchy code or systems that are difficult to fix. 

Respondents to the 2024 Kyndryl Readiness Report cited technical debt among the top five modernization challenges. Reducing tech debt can be a long-term, expensive project that internal teams don’t have the bandwidth to tackle. 

As capital markets firms continue their cloud journeys, tech debt is becoming something they can no longer ignore. A lot of the “easy” workloads are already in the cloud. Now organizations are looking at replatforming or modernization initiatives – sometimes in response to new AI capabilities offered by hyperscalers -- that require them to address their tech debt.

As tech debt increases, it creates financial, regulatory and reputational risk. It also represents a continuing cost, depleting budget that otherwise may go to new projects.

That makes it important to understand and manage the risks posed by tech debt, so that organizations can come up with a strategic plan to eliminate the worst of it. It’s also critical to understand how tech debt gets created at scale, so that future tech debt can be minimized. 

The consequences of an ad-hoc move to cloud 

Cloud migrations can greatly accelerate the creation of tech debt, as many organizations migrate large parts of their IT estate without a clear strategy dictating which applications should move first, what data management would look like and how existing data management and governance could be aligned with cloud architecture and processes. The bridge linking the core business – mostly happening in the legacy world – with their cloud-based capabilities turns into tech debt. 

Third-and fourth-party platforms also contribute to tech debt, as they may require extensive customization. Fitting those customizations into a new ecosystem often results in tech debt.  

Understand the risks of existing tech debt

Until it’s subject to a rigorous analysis, managing tech debt is similar to managing other kinds of risk: You don’t know what you don’t know. That’s why we ask organizations to take inventory of their tech debt and prioritize it based on the organizational risk it presents. That risk comes in three broad categories: regulatory, financial and reputational.  

• Regulatory risk: For capital markets firms, there is a competitive advantage to being able to comply with regulations more quickly and cleanly than the competition. One major bank was recently fined $136 million because they weren’t accurately reporting loans to regulators. Why? Their core business was in legacy systems, their reporting capabilities were in the cloud, and the two weren’t integrated well. They had tech debt sitting in between their two worlds.  
• Financial risk: Workaround integrations can lead to financial loss. They can prevent positions from being displayed correctly and can cause errors or lags in reconciliation. That makes it much more difficult to hedge a risk or to understand changes in accounts and positions.  
• Reputation: Tech debt can create headline-level risk to a financial institution’s reputation: In one recent case, a major institution was investigated for doing business with a Russian account, even though that account had raised a red flag on the institution’s online trading subsidiary. It's likely that the institution's know-your-customer and anti-money-laundering infrastructures were not fully integrated.  

More commonly, reputation risk comes in the form of a bad customer experience. Tech debt can make a mobile app unreliable, making it difficult for clients of wealth managers to access their portfolios. In rare cases, such hiccups can even cause a system outage. 

Prevent future tech debt 

As important as it is to strategically refactor existing tech debt, it’s also important to minimize the amount of tech debt created in the future. Governance and leadership are critical here. 

When organizations have hundreds of applications that need to be modernized or moved to the cloud, it’s imperative to have a strong team leading the initiative. Modernization and migration need to be run as a program, not a series of one-offs. Ideally, this team works across business, IT, compliance, risk, legal and corporate functions to get everyone on the same page, and to establish a shared vision of the future state.  

That group can also create a holistic consolidated roadmap across the organization’s ecosystem. That’s useful to internal stakeholders and to regulators concerned about a firm’s ability to modernize and meet regulatory requirements. 

The alternative is that applications get modernized – or not – based solely on a business perspective. Each application owner decides if, how and when their application is going to modernize or migrate. But when dozens or hundreds of application owners are able to ignore the advice of their cloud champion, strategy leader, or architect, the result is often an explosion of tech debt – creating unnecessary risk that endangers both the organization’s business results and its reputation. 

Ripple Bhullar is Executive Vice President and head of U.S. Capital Markets for Kyndryl.

Raj Bhatti is a Kyndryl Consult Partner

More to the story

• How one Belgian bank boosted its regulatory readiness
• Banking and financial services: The Kyndryl Readiness Report
• Ready to curb tech debt? Start here.