

By Kat Hall, 3rd May 2016 08:34

Old, complex code could cause another UK banking TITSUP – study

Blighty has 900k lines of code per mission critical app, one-third above world average

Another major banking outage similar to the RBS disaster of 2012 is likely to happen in the UK, given the amount of legacy code in the sector, according to research.

The average mission-critical banking application has around 600,000 lines of code, according to a study by software firm CAST, which analysed systems and applications at the source code level across the world.

However, in the UK, mission-critical banking apps have between 800,000 and 900,000 lines of code. Greater complexity of systems makes it harder to get a full picture of organisations' architecture and can cause more glitches.

Lev Lesokhin, CAST's senior vice president of strategy and analytics, said: "In consumer banks, there are core components that have been there for a long time. Even if something has been written in Java in the 90s, that is still 20 years ago."

He said: "In the UK it seems there is a more lackadaisical approach to employing software engineering techniques."

Lesokhin said that banks typically experience between 20 and 30 incidents per month, adding: "I've seen no evidence of that number changing over the last decade. I would imagine it is only a matter of time that we see another major incident when you look at the odds."

The UK's banking sector has seen a spate of outages caused by IT cock-ups over the last five years. Most notorious was the 2012 RBS and NatWest outage which affected at least 6.5 million customers in the UK and lasted for weeks.

In 2014 the banks were slapped with a £56m fine by regulators, who warned that the disaster could have threatened the stability of the entire financial system.

According to the report from CAST, which is titled Crash, organisations from the United Kingdom deliver applications at the highest risk (lowest security scores). Continental Europe generally records the best scores for this measure.

Lesokhin said greater quality assurance is needed over developers. "Applications teams are responsible for making systems complex – but that is often being driven by the business. Business guys are looking at the competition and panicking and throwing requirements at the software guys. That means they don't have time to pay down technical debt."

He said: "Some organisations are putting a tithe on all new projects, any new project business asks for there is a 10-15 per cent charge on that project to fix architecture, technical debt. As it is causing the applications not to be structurally sound. In the end it is the CIO's responsibility, because they are in charge of systems and the level of risk they are being exposed to." ®

*TITSUP = Total Inability To Support Usual Performance
