
> In less than 5 years there will be an EU directive on how financial institutions need to have immutable db architectures with full provenance.

I'm a former Enterprise Architect from the Banking Sector in Europe.

To be clear, this will never happen.

There has never been any directive that has had a "concrete" impact on the IT Architecture of Financial Institutions.

Yet there have been dozens of regulations that urged banks to "simplify" their IT Systems.

90% of IT Staff are Baby Boomers with no background in Systems Design or Architecture, thus when new regulation comes in it follows this scenario 100% of the time:

- Find a vendor that sells software that promises compliance with the new regulation

- Find an integrator that promises integration within the deadline

- Integrate the vendor's software into the bank's legacy stack of 3000+ monolithic apps

- Send a report to the regulator saying they have "redesigned" their architecture and made "investment" in order to take into account that new regulation

The best example of this is "PSD2", which has been the biggest fiasco of the industry; as of last year only 18% of banks complied with the regulation.

France and UK said they would not "fine" anyone, because banks "aren't ready" and made "considerable" investment in it.

Regardless of what HN thinks, you won't solve Financial Institutions' Multi Decade Legacy with a single Directive that would suddenly force them to use "ImMuTABLe Db ARChITectuRES"

IT Directives have never worked and will never work.

The only way to enforce anything would be to remove their IT systems completely and have them use APIs provided by the regulators, and have the regulator become the sole provider of the "Financial System".

They won't let that happen.



I work for a major US bank. Regulators frequently (multiple times a year across different areas of the business) have detailed discussions with us about specific technology choices, especially regarding issues that could affect data integrity or disaster recovery.

I have not seen regulators require a specific technology, but I have certainly seen them questioning technology choices. There may be some truth to echopom's claim (made regarding European regulators, not US regulators) that regulators can be bamboozled with meaningless claims to have "redesigned" a system and "invested" in it... I couldn't say because both of the US banks I have worked for have taken even gentle hints from regulators EXTREMELY seriously and would not have attempted to bamboozle them.


I work for a large financial institution in the US and this pattern (which you've brilliantly described) seems to be slowly shifting. We're buying less shit and building more. Developer experience is still absolutely horrific but there are material efforts underway to improve it that are starting to pay off.

I don't know that we'll ever get to 'move fast and break things', but I think that's OK.


Some UK banks (at least Monzo, Bo, Mettle and Starling) have fairly sound data models for their ledgers and implement stuff like PSD2 fairly effectively. Presumably over time legacy banks will either catch up or incur the regulator's ire


Are you aware of any of these banks having published anything insightful about their data models and relevant tech?

(I'm not trying to claim you don't somehow know this, I'm genuinely interested to read about this stuff!)


I have worked in a German bank and the Bundesbank does regulate on very high-level decisions. E.g., systems which do financial crime monitoring need to be compliant with their rules. Access to pre-production should be limited.


>Access to pre-production should be limited.

Banks have extremely strict rules when it comes to system "access".

When it comes to "System Design" they have very little.

These are two separate topics.


> Banks have extremely strict rules when it comes to system "access".

Isn't that because of SOX compliance requirements?

So, the point above is that "a new set of requirements" could be added regarding "data store software integrity" (though probably named better) if it turns out to be needed. :)


> Isn't that because of SOX compliance requirements?

Banks always had very strict rules, SOX just forced them to formalize those rules/processes.

Per se, prior to SOX they would not conceal the review of the logs; now with SOX they will edit a PDF that says "We have reviewed logs for App X and consider no suspicious activity has occurred".

Apart from that, things didn't change much.


Surely the IT depts won't be 90% baby boomers forever. At some point even the most rusted-in-place employee has to leave the company, either through retirement or because they died of old age. Slowly but surely even late followers like banks will move into the 21st century. Banks are not very keen on spending money on things that "aren't broken" but they're even less keen on losing customers and paying fines.

