FCA Highlights Risks of Technological Change

The UK’s Financial Conduct Authority (FCA) has released the results of a review into how firms implement technological change. In a phrase that will be familiar to many and is likely to cause the odd wry grimace amongst technology teams, the report notes that changes “don’t always go to plan” and seeks to highlight ways in which firms can avoid or mitigate service disruption.

Although many changes are successful, this review reveals that failed technology changes are one of the main causes for operational disruption within firms, accounting for a quarter of all high severity incidents that cause harm to consumers and the market. The FCA says that 17% of almost 1,000 “material incidents” in 2019 were attributed to change activity.

Unsurprisingly perhaps, the review found that changes made by firms with strong governance and risk management strategies are more successful, that robust testing is an important part of the change process, and while testing automation has benefits it also presents challenges. “We also found that pairing subject matter expertise with a clear understanding of a firm’s strategy is vital,” the FCA states, adding, “It is very important for firms to understand how technology change activity can affect the services they provide, and invest in their resilience to protect themselves, consumers and the markets. This is especially important as firms increasingly use remote and flexible working.”

The review argues that alongside strong governance a frequent release cycle and agile delivery can help firms to reduce the likelihood and impact of change related incidents, something that may be food for thought for those firms with longer release cycles.

Prime causes of failures were a lack of visibility over third-party changes, a reliance on manual review and actions, a reliance upon legacy technology and the sheer size of the change. “Changes deemed by firms to be ‘major’ were over twice as likely to result in an incident when compared with other change types,” the FCA says.

The average number of changes implemented in 2019, per firm, was 35,000 the FCA says, highlighting the potential scale of the problem. The highest proportion of changes were aimed at maintenance and upkeep of systems, as well as meeting regulatory and legal requirements.

The full report can be found at https://www.fca.org.uk/publications/multi-firm-reviews/implementing-technology-change