ING’s Henk Kolk: Re-thinking IT risk management
The Dutch bank’s chief engineer Henk Kolk will keynote at the QA Financial Forum London on April 5th. If banks really do want to automate, they should make sure the engineers are in charge, he says.
If banks really do want to shift left and automate software development, there’s really only one way for them to do it, says Henk Kolk, ING’s chief engineer and Agile evangelist.
“IT risk management has to be owned by the software engineers,” he says. Kolk will detail his argument in presentation at the QA Financial Forum conference in London on April 5th*.
Without a fundamental shift in management culture at large banks, there is no chance they will be able to make the transition to continuous app delivery and true “Agile at scale”, says Kolk, who is charged with co-ordinating the work of around 1,000 different development teams around the world for ING.
ING began its transition to full automation of software development across its retail bank two years ago, fuelled by the maxim that “speed equals market share”, says Kolk. In practical terms, the objective has been to develop virtualized test environments on immutable servers, so that those environments remain consistent for robotic testing.
“We’ve been working hard to prove this is the way forward for two years now, and we are still in the middle of the process,” says Kolk. But the platform has been essentially proven, he adds, and the next stages will see the IT control framework rolled out across the bank. “My suggestion is that the engineers should own it and not the risk process managers. It is really only the engineers who understand what is happening. And if banks truly do want to become technology driven businesses, then the engineers should be responsible for IT risk management,” he says.
Some banks argue that Agile and DevOps environments are not compatible with the development of their most critical apps, and that regulators are pushing back against the merging of development and testing roles because they don’t like the idea of developers verifying their own codes. But Kolk believes that automation can be part of the answer to that challenge, and not just part of the problem. He asks: “Once you start automating for real, then why not treat all you apps as critical?”
While large banks sometimes argue that they face greater IT and compliance challenges than retail firms or media companies, for example, It may be they are simply more conservative than they like to think they are. “Most senior managers have MBAs that are still premised on the early twentieth-century thinking of [the engineer] Frederick Taylor and [the car-maker] Henry Ford,” says Kolk. “They think in terms of siloes, production centres and the time it takes to respond to failure. They are not thinking enough about the customer impact that their IT can have. If you really want to do Agile, then you really have to look at the impact that you are going to get from it. And vice versa. ”
*For further details of the QA Financial Forum, see: www.events.qa-financial.com . The event takes place at the Hilton, Canary Wharf on April 5th. A limited number of VIP guest passes remain for our readers who work at financial firms. Contact Lauren King at Lauren@qa-financial.com if you would like to attend.