Financial services firms often rely on outdated technology to deliver services to clients and to manage back-end processes, with new software and hardware then connected to the pre-existing system. But such setups, with their reliance on legacy systems, pose serious threats to these companies, their financial advisors and their clients.

Topping the list of concerns for many financial services firms is security, says George Butters, CEO of NewMediaDrive.com, an information-technology (IT) consulting firm in Fredericton with a client list that includes Toronto-based TMX Group Ltd. “Financial firms really have to pay attention to their legacy systems,” says Butters. “They can be a very juicy target. Pickpockets don’t have to be in the room anymore.”

Specifically, technology is constantly changing, which means a safety protocol or precaution that worked yesterday may be obsolete today. San Jose, Calif.-based Cisco Systems Inc.’s, 2016 Annual Security Report found that 33% of companies that participated in the study indicated that compatibility issues were a significant obstacle to adopting advanced security processes. Only budget considerations presented a greater barrier.

Furthermore, the 2016 Cybersecurity Predictions Report from Austin, Tex.-based Forcepoint LLC singled out aging IT infrastructure as a major problem, especially if the system connects to the Internet, that will only escalate as maintenance costs rise, manageability falls and human resources are more limited.

According to the report: “Attackers continually search for forgotten or abandoned systems, looking to worm their way into the heart of the enterprise. At some point, the cost of older systems … will reach a tipping point and become prohibitive.”

The dangers that legacy systems present can range from “the trivial to the fatal,” says Butters, who sits on the boards of several credit unions and League Data (which provides technology services to approximately 50 credit unions in Atlantic Canada). “It all depends on the legacy system, the new or pending system, and the difficulties in integrating the two.”

According to a report from SimCorp A/S, a global investment-management software firm based in Copenhagen, many financial services firms’ existing systems are struggling to adapt to new demands and, as a result, those firms are putting their investments at risk and the industry’s reputation on the line with trillions of assets being managed on out-of-date systems. Meanwhile, the volume of trading data is growing at an unprecedented rate, increasing by 60% every year on average.

“The frenetic pace of change in the industry is not conducive to continued usage of legacy systems,” says Klaus Holse, SimCorp’s CEO. “Firms run the risk of discovering that their IT infrastructure becomes a Gordian knot that’s too difficult to untangle. Legacy systems were built for simpler processes and simpler times.”

Generally, there are four criteria define a legacy system:

– Hardware and software that’s not updated or upgraded regularly.

– The technology on which the system runs usually is antiquated.

– Connecting the old technology to newer systems is problematic, even impossible.

– No ongoing integration and assessment of the technology from an overall business perspective.

Research published in SimCorp’s 2015 report, Legacy Systems: The Elephant in the Room. Why Investment Management Firms Need to Tackle the Issue Head-on, found that legacy systems are the primary driver of manual processes, which heighten operational risk, increase processing times and hinder business growth.

In fact, due to legacy systems’ age, they often cannot accommodate new automation advances, forcing firms to do things manually. For example, J.P. Morgan Chase & Co.’s US$6-billion trading loss in 2012 was reportedly a result of spreadsheet errors.

Concerns about legacy systems are well documented. In 2014, a report from Arlington, Va.-based Corporate Executive Board Co. found that more than 50% of financial services executives stated their IT infrastructure dated back to 2007 or earlier. Also in 2014, the IT Key Metrics Data report from Stamford, Conn-based Gartner Inc. found that 80% of financial services institutions’ IT budgets are spent on maintenance and workarounds rather than on improvements.

Greater workload and increased technology concerns go hand in hand with legacy systems, says Butters: “There can be all sorts of problems, ranging from the structural to the functional.”

Thus, he recommends firms document their legacy system and that this include all the tweaks and changes that have been made to the system. Without such detailed records, says Butters, firms can end up with “a legacy system that nobody actually understands anymore, particularly if the creators and maintainers have left the scene.”

Financial firms looking to upgrade their IT infrastructure need to answer a series of questions to assess their status with respect to legacy systems and their level of risk. Paramount among these: Do the two systems use different structures for holding data? Are they on different operating systems? Are they built in different computer languages? Is one a flat system and the other relational?

Outdated technology does have one upside, says Butters, a certified ethical hacker: “There’s a phrase in the tech world that comes to mind: security by obscurity. In other words, your system is so obscure that no one in their right mind would try to hack it. Then again, [the system] might not work very well. Choose your poison.”

© 2016 Investment Executive. All rights reserved.