IT managers are becoming increasingly concerned about colleagues developing software outside of the IT function.
According to a survey of IT directors and chief technology officers by consulting firm Sionic, 93% of asset management firms have employees creating and designing their own applications.
A combination of more advanced programming languages along and increased IT literacy has led to more business-enabled IT development.
The practice is supported and actively encouraged by almost a third of firms, not least because it speeds up the pace of IT development and also allows portfolio managers and other front-office staff to create more sophisticated tools suited to their own preferences.
However, nearly two-thirds see it as a medium to high operational risk if it is not managed within a controlled environment.
These risks include the use of unlicensed software, unverified data sources, spiralling data costs, exposure to cybercrime, and use of code that is neither tested or supported.
According to Sionic partner Clare Vincent Silk, this industry trend not only raises questions about the best way to manage the risk, but also the future role of IT departments and directors within asset management firms.
“We could see IT directors supporting IT governance and development outside their own departments,” said Vincent Silk.
Fewer firms are building technology as opposed to buying, and more time is spent on IT integration rather than development.
Consequently IT heads could become more focused on other areas such as cyber awareness, data science, IT infrastructure and what Vincent Silk terms as the search for ‘operational alpha’.
The practice of employees designing their own software, or so-called ‘stealth IT’, is not entirely new. For example, portfolio managers have been building their own Excel spreadsheets for years.
However, the rise of programming languages like Python and data visualisation tools like PowerBi, has given business users much more capability.
The Sionic study found that the majority of the development is taking place in the front-office, among investment and quant teams, allowing for more sophisticated and proprietary data analysis.
While most firms have rules around software development, not all of them are enforced or up-to-date. Almost a quarter of firms (23.5%) have no governance framework in place at all while more than half only a basic framework that needs to be brought up to standard.
The survey also showed that there are currently tighter rules on the use of IT procurement than software development.
Asset managers will need to enhance their governance frameworks in order to manage the risk but they will also need to ensure that employees follow the guidelines, said Vincent Silk.
More collaboration between front office staff, data management and the IT function should take place to ensure a proper governance framework is in place, while more focus on risk culture and organisational awareness would ensure better adherence to the rules, said Vincent Silk.
The pandemic and the mass move to working from home has raised attention on operational resilience among regulators as well as asset managers.
Germany’s BaFin recently amended its rules on IT risks for financial institutions including the rules for IT governance and application development, while the UK’s Financial Conduct Authority has used a Technology Risk Management framework developed by the Securities and Exchange Commission in the US to test the maturity of financial firm’s technology.
The Sionic survey took place in December 2020 with 15 asset managers.
© 2021 funds europe