United Kingdom (and EU regulation)

FCA report outlines practices firms can consider to reduce consumer harm caused by failed technology changes

By Simon Lovegrove (UK) on February 8, 2021 Posted in Coronavirus, United Kingdom

On 5 February 2021, the FCA published a multi-firm review that looks at how firms implement technology change, the challenges caused when changes fail, and the steps firms can take to protect consumers from harm and disruption in the market.

One of the goals of the review was to highlight practices utilised within the industry to help reduce the impact and number of incidents resulting from technology change. Based on the data analysed in the review, the FCA found that firms that had higher change success rates had these common characteristics:

Firms with well-established governance arrangements. The review found that there was a positive correlation between the longevity of governance arrangements and higher change success rates in the firms it sampled. The FCA found that robust governance can help reduce the number and impact of operational incidents resulting from change.
Relying on high levels of legacy technology was linked to more failed and emergency changes. Over 90% of surveyed firms relied on legacy technology in some form to deliver their services. The FCA found that firms with a lower proportion of legacy infrastructure and applications had a higher change success rate. This supports the view that technology change is more difficult to implement without disruption when dealing with legacy infrastructure. Firms with a lower proportion of legacy technology also had a lower proportion of changes being deployed as emergencies and had a higher chance of those emergency changes being successfully deployed.
Firms that allocated a higher proportion of their technology budget to change experienced fewer change related incidents. Firms with a high change success rate dedicated a large proportion of their IT budget to change activities. Overall, the FCA found that firms that deployed smaller, more frequent releases had higher change success rates than those with longer release cycles.
Effective risk management is an important component of effective change management capabilities. Firms that experienced less incidents due to failed changes mitigated the risk of technology change by leveraging a wide range of technical and business knowledge to ensure that potential impacts were well understood. The FCA also found that firms that continuously managed risks as part of day to day project management were more likely to have higher change success rates compared to firms that employed an ad-hoc or periodic approach to risk management.