Definitely agree. Having worked extensively with some large banks I've found that they are absolutely cutting edge in technology in one area and one area only: credit card fraud analytics. That's because credit card fraud creates a material financial risk for the bank that they can't defer to someone else. Most other risks banks deal with are managed through complex financial hedging, government backstops, or insurance schemes and so they invest very little in doing anything "correctly". Rather, almost everything about banking compliance is driven by checkbox tickers and not by experts.
I think it is unfair to think that banks don't want to do things correctly but they suffer along with all other corporates of too many levels of management to be agile, systems that are far to risky to change/replace, legacy systems and a high turnover of staff. If I ran a bank, I suspect I would run it exactly the same way because I have to.
Perhaps I'm too close to the issue as I have worked with these businesses, but I disagree. This is intentional on their part, because banks first and foremost are about identifying and managing risk. If they can find a way to mitigate that risk or externalize it, then they no longer need to deal with it head-on. Most of the risks related to IT should be dealt with head-on because they grow over time as you stay still and technology moves further away from you, and it's impossible for anyone to accurately predict the future and therefore future risks.
Many banks and other financial institutions are finding this out now in their desperate bid to find competent COBOL programmers to continuing maintaining legacy critical applications running on mainframes when most COBOL programmers are retired or dead, and more are headed that way every day. It wouldn't shock me to find out that the effects of COVID being weighted towards worse outcomes for older people had a material effect on the human resource risk of using COBOL-based critical systems.
Banks will absolutely hold on to anything to avoid an unknown risk as long as they think they can hedge or mitigate known risks, and utterly fail to acknowledge the truth of unknown unknowns. This will ultimately be their downfall if governments ever let them follow standard business outcomes, otherwise they'll eventually absorb some upstart to keep hedging forever.
>Banks will absolutely hold on to anything to avoid an unknown risk as long as they think they can hedge or mitigate known risks, and utterly fail to acknowledge the truth of unknown unknowns
Nassim Taleb has written entire books on this fact about banks. It's interesting that the same flaws in their financial thinking apply to their IT infrastructure.
I think technology is fundamentally a tool for organizations, and as such will always evolve to reflect the larger organization. You can see this in software design and it is also seen in the IT infrastructure architecture.
