| INTRODUCTION | | | | desired. |
| The confluence of SOA and SOX has had | | | | This second point is critical. Management at financial |
| unexpected consequences, making software | | | | firms typically realizes that ISVs require comprehensive |
| development more efficient and system failures rarer. | | | | development specifications. Equipped with them, ISVs |
| There are a number of reasons why new systems | | | | are able more rapidly to build-and modify-applications |
| fail. But thanks to developments in service-oriented | | | | to better meet the needs of firms and their clients. This |
| architecture (SOA)-which reduces interdependencies | | | | minimizes the traditional back-and-forth and decreases |
| between applications-and the implementation of the | | | | the amount of time required for financial firms to |
| Sarbanes-Oxley Act (SOX), which has led to more | | | | realize a return-on-investment (ROI) on their new |
| firms outsourcing development to independent | | | | applications. These successes build upon each other. |
| software vendors, the likelihood of all-out failure has | | | | The bank that successfully rolls out an ISV-created |
| been reduced. | | | | application is encouraged to develop more applications. |
| There are two types of major systems in financial | | | | From a systems' development perspective, the |
| services firms, with vastly different success rates and | | | | cumulative effects of SOA and SOX have been |
| implementation challenges. The first type-client-facing | | | | largely positive. Many financial firms that had historically |
| systems-are outwardly focused. They connect | | | | created their own systems often failed for one simple |
| bankers, financial planners, hedge fund managers, | | | | reason. The best programmers and developers tend |
| stockbrokers, and their ilk with customers. Examples | | | | to work for software companies, not financial firms. |
| include banking and bill payment, 401(k) management, | | | | Financial firms that contract ISVs to create specific, |
| remote deposits, derivatives trading, and position | | | | client-facing applications typically realize a number of |
| monitoring. While these systems have many different | | | | significant benefits. |
| objectives, they have two overriding | | | | LESS RISK WITH ISVs |
| commonalities-they link customers and investors with | | | | Weinrib Partners, a fictitious hedge fund, wants to |
| their financial institutions and generate revenue in the | | | | create an application allowing its investors to wire |
| process. | | | | money from banks directly to the fund. Weinrib's |
| Not all systems in a financial firm are client-facing. | | | | managers decide to outsource development to an ISV. |
| Organizations' back-office systems are inwardly | | | | The application has one very specific purpose and the |
| focused on internal employees and daily operations. | | | | managers can very clearly articulate the application's |
| Customers never use or even see these applications. | | | | requirements to an ISV which, in turn, expedites |
| Examples include supply chain management, | | | | development. Testing should manifest any and all |
| accounting, human resources, and payroll. Back-office | | | | issues because of the application's singular purpose. |
| applications-typically called enterprise resource planning | | | | Weinrib launches its application to clients who no longer |
| (ERP) systems-record sales and purchase | | | | have to write and mail checks to deposit funds. It is |
| transactions, update inventory, and cut employee and | | | | important to note that Weinrib owns the application |
| vendor paychecks. Invoices, receipts, and reports can | | | | created by the ISV. As a result, Weinrib can control |
| also be produced by back-office systems. Unlike their | | | | the application's customizations and enhancements. If |
| client-facing brethren, back-office systems generate | | | | Weinrib's customers request that the application |
| no revenue; they support cost centers. | | | | integrates with QuickBooks and Microsoft Money, for |
| The different scopes and audiences of these | | | | example, then Weinrib can approach its ISV |
| applications result in different rates of success. | | | | immediately about making this change. |
| Client-facing systems fail much less often than | | | | Contrast the system ownership model with traditional |
| back-office applications. By and large, the challenges | | | | ERP purchase and support model. Organizations that |
| faced by financial firms with respect to enterprise | | | | utilize SAP or Oracle as an enterprise system have no |
| systems are not materially different than those faced | | | | control over its delivered functionality. End-users can |
| by retail, health care, or government organizations. | | | | always submit vendor "enhancement requests," but |
| Back-office systems support the entire enterprise, not | | | | there is no guarantee that they will be adopted in |
| simply one function. ERPs have to handle a number of | | | | future releases of the application. What's more, IT |
| disparate tasks, the vast majority of which tie back to | | | | departments that customize ERPs face a number of |
| the general ledger (GL). ERP systems are tightly | | | | significant obstacles. For one, customizations typically |
| coupled with one another. A problem in one area will | | | | invalidate vendor support agreements. Second, making |
| almost always affect another. | | | | a tweak to a general ledger program, for example, |
| On the other hand, client-facing applications can be | | | | may break something else. Enterprise systems are |
| considered "best of breed" and often do not need to | | | | very involved and contain many interdependencies. |
| integrate with other applications. They typically are | | | | Finally, even a successfully implemented customization |
| designed to accomplish one or a limited number of | | | | may go by the wayside after an upgrade or service |
| specific objectives: transferring funds, buying and selling | | | | patch. |
| stocks, and the like. Handling stock trades or dividends, | | | | In April of 2008, PNC completed its acquisition of |
| for example, is much less exhaustive than managing | | | | Sterling Financial Corp. While there were many |
| an entire supply chain or paying employees in 48 | | | | reasons for the merger, one of the more overlooked |
| states and seven countries. As a result of this limited | | | | ones involved technology. Specifically, Sterling's internal |
| integration, their development cycles are much shorter | | | | systems had become antiquated. Its senior |
| and their failure rates much lower. | | | | management realized that the necessary investment |
| SOA AND SOX | | | | to upgrade them would be cost-prohibitive. |
| Two recent and seemingly unrelated events have | | | | Sterling is not alone in this regard. Many financial |
| coalesced, resulting in more efficient software | | | | institutions have realized that the old maxim applies: "If |
| development and fewer system failures. The first is | | | | you can't beat 'em, join 'em." Organizations with |
| the advent of SOA, which provides methods for | | | | antiquated client-facing systems cannot re-tool by |
| systems development and integration in which | | | | simply making a few, relatively inexpensive |
| systems group functionality around business | | | | enhancements. More often than not, a complete |
| processes and package these as interoperable | | | | overhaul is necessary. At a minimum, most financial |
| services. SOA also describes IT infrastructure that | | | | systems today must comply with SOX requirements, |
| allows different applications to exchange data with | | | | integrate with external banks, offer customers a |
| one another as they participate in business processes. | | | | powerful and user-friendly experience, and ward off |
| Service-orientation aims at a loose coupling of services | | | | increasing security threats. Beyond these requirements, |
| with operating systems, programming languages, and | | | | applications often need to do more. Rather than |
| other technologies which underlie applications. | | | | merely transfer funds, many applications offer data |
| On the regulatory front, due to SOX requirements, | | | | mining and business intelligence (BI) capability and allow |
| many financial firms no longer attempt to create their | | | | agents, bankers, and other personnel the ability to |
| own internal systems. SOX's increased audit | | | | customize offerings based on the individual customer's |
| requirements have resulted in many financial services | | | | financial situation. Added to this, organizations' IT |
| firms using independent software vendors (ISVs) to | | | | budgets are under a microscope. |
| build proprietary systems. Firms such as Infosys | | | | CONCLUSION |
| specialize in making or selling software, designed for | | | | While there is no secret sauce to building and |
| mass marketing or for niche markets. | | | | implementing client-facing systems, financial firms tend |
| Due to the arrival of both SOA and SOX, many | | | | to minimize failure rates by utilizing ISVs and |
| financial firms have abandoned internal application | | | | extensively documenting business requirements. |
| development and now deal almost exclusively with | | | | Seasoned ISVs allow firms to quickly create and roll |
| ISVs, who observe the following cardinal rules with | | | | out custom applications that can increase firm revenue, |
| regard to software development: Issues found later in | | | | profitability, and ROI. With respect to enterprise and |
| an application's development cycle are exponentially | | | | back office systems, however, financial firms should |
| more time-consuming and expensive to fix than issues | | | | not try to build from scratch. They realize no |
| found at the beginning of the cycle. Unlike off-the-shelf | | | | competitive advantage from payroll vendors or |
| applications, software developers can essentially build | | | | employees. In this sense, financial firms tend to have |
| anything. Software engineers and coders do best with | | | | many of the same issues as the rest of the corporate |
| pristine development specifications, allowing them to | | | | world. |
| accurately build the applications and functionality | | | | |