With regulatory demands increasing, Toms Jansons argues banks urgently need to upgrade aging, complex card systems to comply with impending legislation and meet the demands of the digital age.
With the new PCI DSS v4.0 regulations taking full effect in 1Q 2025, issuers and especially acquirers will be forced to evaluate whether their existing systems can cope with these requirements and also whether they are PCI SSF (Software Security Framework) certified.
New requirements for all European banks to fully support SEPA instant payments by the end of 2024 will also have an impact on the ability of card management platforms to instantly process incoming payments on credit card accounts. Not much further ahead, the EU’s Digital Operations Resilience Act (DORA) is due for implementation in early 2025. This will have deep implications for how banks manage systemic risk – especially with their payment partners. Finally, the EU’s PSD3 is due for roll-out by 2027. It promises to further strengthen transaction authentication processes and tighten existing KYC requirements.
Even as things stand, many bank systems are old and increasingly difficult to manage, placing a burden on banks through their complexity and expense. In their 2022 Global Banking Report, McKinsey & Co estimate just ten cents in every dollar of bank spend on IT goes on product innovation or customer service, with the remaining 90% spent on legacy system upgrades and compliance.
With costs at such high levels, banks simply cannot afford to continue maintaining their old systems whilst hoping to compete with a growing range of digital-first, nimble challengers from neo-banks to tech giants and their payment solutions. Our latest research report reveals a majority of European banks believe their systems are no longer fit for purpose and cannot be adopted to modern requirements such as online marketplaces or embedded finance offerings.
As mentioned previously, new certification requirements will make it impossible for some older systems to operate, running the risk of incurring penalties or, in the worst case scenario, the revocation of licenses. At the same time as banks face these increasing burdens, both corporate and retail banking customers are looking for faster, safer and more innovative services. This places further pressure on IT budgets, product managers and compliance teams to deliver at a time when margins remain tight, and the “C” suite is looking for revenue increases across the board.
In the report, we explain how banks can prepare for the realities of a world focused on digital payments in which current levels of complexity will only increase. We set out the reasons why banks that fail to prepare end up making forced decisions to migrate to more modern systems and processes due to compliance requirements that place unmanageable burdens on existing, outdated systems. Finally, we provide options for how banks can transform their IT architectures to deliver modern, more capable solutions that are ready to meet the demands of both regulators and customers in the digital age. As an experienced migration partner we advise all banks to consider the following action-points:
For more insights download “Options for Change”, the new study from Tietoevry Banking, for more on the migration imperative and making the right strategic choices when implementing new card systems.