Eko UK Limited

Legacy Fintech software – too risky to replace?

Why avoid Risk?

Fintech is understandably a risk-averse industry. No-one wants to lose sleep worrying about avoidable risks to their finances or to their business. Using IT to reduce needless risk in financial services might be said to be doing some good in the world - at least we and our clients sleep better!


Legacy systems

Traditional financial service providers have been using fintech since long before the word was even coined. Banking, trading, insurance, and risk management were early adopters in harnessing the power of IT. Consequently, financial service providers can have generations of software spanning decades co-existing in their systems.

Such a complex mix of new and legacy software can carry an unpalatable level of risk when upgrading components.

Within complex IT system infrastructures the risk/reward ratio of replacing a legacy system can make leaving well alone look like a good choice. At the same time, choosing not to replace a legacy system risks incurring what is known in IT as technical debt. Over time technical debt can accumulate to the point of making a system unmaintainable - effectively ‘painting yourself into a corner’.

To mitigate long-term risk, your IT providers should give guidance on technical debt - typically, system maintenance should include a budget for regularly paying down technical debt. A mature long-lived system will generally benefit from keeping up with useful developments in computer science, such as new hardware, systems architecture or coding paradigms.

Any change to code carries risk, and good IT providers utilise multi-disciplinary approaches to managing changes safely whether at macro or at micro level.


Strategic sense-making

Seeing the big picture and making sense of complex systems is not easy. Systems theory has spawned decision-making tools such as the legendary Dave Snowden’s Cynefin framework, which helps manage change by first categorizing the changes being considered according to their complexity. Each level of complexity - obvious, complicated, complex or chaotic - represents a different risk profile, and each has its own set of best practices for change management.


Behaviour Driven Development (BDD)

A major source of risk in IT is that business stakeholders and developers often effectively speak different languages - bridging the gap between natural language and technical language can be a challenge.

BDD is an agile software delivery methodology which meets this challenge by prioritizing a collaborative approach to delivering business objectives. All stakeholders - including developers and testers - share an understanding of a project’s vision and goals, and regular timely conversations between stakeholders are the mainstay of the development process. Users’ needs are captured as Acceptance Criteria in near natural language, readable by non-technical stakeholders. Large monolithic deployments are avoided, and instead features are prioritized and deployed in repeated short-cycle deliveries to detect misunderstandings early. In this way, the risks and attendant costs of late rework are minimized.


Chaos Monkey

This colourful risk management concept originated at Netflix. It is a tool which intentionally disables components of computer systems to test whether the software can tolerate failures while remaining resilient and maintaining quality of service.

Central to this approach is a comprehensive test suite hierarchy, spanning from low-level unit tests through systems integration to ‘real world’ tests. Test platforms reduce project risk because they are intentionally written separately from the underlying system under test, and tests can be run automatically and continuously. Testing therefore provides a platform-agnostic means of ensuring code meets all specified business behaviour and remains robust and resilient.

A comprehensive test suite offers a means to change any part of a codebase safely, with assurance that unintended consequences will be identified early by regression tests.


Too risky to replace?

Fintech services have a unique set of risk characteristics that can make any software changes liable to cause sleepless nights.

Nevertheless, judicious use of risk mitigating technologies can give confidence that the right tools are being used, the right user stories are being implemented, and the right tests are being run.

As a developer, when together with stakeholders we tick all those boxes, the peace of mind achieved feels wonderful. A culture of considered, continuous, comprehensive testing means arguably any piece of software can be upgraded safely.

At Eko, we regularly run workshops to discover the risks and engineer a path to a solution. If you’d like to engage in one of these workshops you can contact us via http://www.ekouk.com/contact

