By Michael Coates (pictured), Solutions Architect Iven ANZ
Given the impending tightening of operating regulations in Australia, financial services organizations are racing against time to strengthen their risk management and compliance strategies.
This urgency is further highlighted by recent research showing that the financial sector accounted for the second highest number of data breaches in Australia last quarter. The government’s proactive measures to strengthen resilience are evident in the upcoming CPS 230 regulations. The regulations, which are scheduled to come into effect from 1 July 2025, introduce new risk management requirements for all businesses regulated by the Australian Prudential Regulation Authority (APRA).
To successfully navigate these evolving regulatory requirements and lay the foundation for future growth, APRA-regulated organizations must strategically invest in technology solutions that enhance governance, risk and compliance. But this journey is full of misunderstandings, especially around two main areas of vulnerability: running outdated, unsupported software, and risking single-vendor failure or vendor lock-in.
Myth #1: Underestimating the impact of outdated software
A recurring problem for FSI organizations is that they are running outdated software systems. A surprising number of Australian businesses continue to run outdated software that can lead to compatibility issues or security policy violations. To eliminate this risk, regular software updates are highly recommended. However, performing an update requires disruption and a significant depth of knowledge, which can all too easily be presented as a justification for postponing the update. Organizations are more likely to take the risk of using outdated software than inconvenience their customers with significant downtime. This happened recently when a major telecommunications company failed to maintain upgrades to its servers and software, resulting in serious server crashes. This left millions of customers without mobile or internet access for hours.
This issue not only creates operational hurdles, but also has serious implications for reputation and compliance as regulations increase. For example, the new regulations make such actions an offense, especially in relation to technical renewal management. An unpatched system is insecure and does not meet regulatory requirements for information security.
Myth #2: Underestimating the risks of vendor lock-in and single-vendor dependence
FSIs are especially prone to vendor lock-in because they engage only a small number of vendors in order to move away from the system integrator role. However, entrusting all data to one vendor exposes FSIs to the risk of regions going offline and to a loss of pricing influence and bargaining power.
As regulations change, there is more incentive to choose technologies that make resources more vendor-agnostic and whose technical resources are not tied to a single provider. Open source software makes a compelling case here: it improves operational efficiency and avoids vendor lock-in, allowing data to flow freely while meeting regulatory compliance requirements.
FSI organizations that do not use open source software usually cite the lack of a defined support path or fears about security and updates. But open source can be a powerful ally in keeping up to date with compliance requirements and providing more support to improve business performance.
Impact of FSI risk regulation
In an increasingly regulated market, FSIs must identify managed platforms that leverage open source technologies and handle automated maintenance and updates on a weekly basis to ensure organizations are always running supported software. Some companies provide updates and information about when specific platforms will reach end of life, allowing financial services organizations to plan for any required downtime months in advance.
In the event of a single-vendor failure, these managed platforms participate in vendor agreements that run across multiple clouds in accordance with financial regulations, allowing organizations to easily migrate data between AWS, Google, MS Azure, Oracle, or other service providers within minutes.
IDC calculated that one of our customers could realize benefits in excess of $1.68 million per year from using our data management platform, with a three-year return on investment of 340%. By reducing downtime and providing information to your organization, these managed platforms deliver immeasurable value.
When considering future-proofing against changing regulations and risks, financial services organizations in Australia and New Zealand should consider strategies that leverage open source technologies while reducing the challenges associated with ongoing management and maintenance. Making smarter decisions upfront can help reduce the risk of single-vendor failure while delivering significant financial and performance benefits.