Fincode 2019

Regular readers will note that we attend this event annually and our 2017 and 2018 editions are well worth a revisit as many of the previous years presentations were from more mature organisations than the 2019 presenters.

The event as the name suggest is focussed on technologists in Tier 1 and 2 Financial Services companies in Europe. This event is unique in that there is little or no vendor input and all of the workshops are run by customers for their peers.

This year’s event was in Frankfurt from 17th to 19th March. At the end of this blog is a list of the companies who presented and some key words to describe their content. We are happy to send on our notes and the slides presented, if you contact us via email.

I have grouped my summary observations below under 5 main headings

New ways of working

Lean is gaining credence with businesses and putting IT under pressure to align.

DevOps Champions find ways around organisational barriers to achieve objectives as this picture illustrates….

High friction means lots of manual tasks, which require more manual controls (4 eyes) which means if things go wrong the consequence are high. To mitigate the risks the business spends more than it needs to, typically on large waterfall projects. The RHS is the converse where automations remove friction. By breaking larger projects into smaller pieces the risks and costs are lower This leads to real progress under budgetary thresholds that do not require sign off.  

Agile coaches as permanent members of staff reduce attrition as they address personal conflicts between team members, bring teams to better levels of agile maturity and elevate cross team constraints to management.

Unless IT Audit is engaged early on as new ways of working are introduced it creates frustration.

Many IT teams have not sought budgets from their business on DevOps and try to run pilots ‘off piste’. As pilots run into production this can mean use of Open Source which in turn creates IT audit headaches.

Regulation and Security

Automation of compliance processes means data collection for regulators is simplified at lower cost with better quality and quantity proofs of compliance

Two major European retail Banks have asserted that unexpected demands from regulators are best addressed through agile and DevOps. Regulatory requirements are broken into

Fire drills

Stress tests

Major programs

Fire drills are incorporated into sprints – typically this is the production of a report within a one or two week period. Re-prioritising the backlog is easy since retention of banking license trumps all other business cases.

For stress tests and major programs they either fit regulatory request into  sprint backlogs or form teams – in the case of one organisation Basel 3 is 200 teams.

For one leading Dutch bank –  the security model is based on BSIMM v9. This is implemented through automated tooling, a central source of expert knowledge and a  satellite with security focus on each agile team. A central resource (in an SRE team) would be the security authority and part of their role is to ‘impart security know how’ to dev’s and to ensure that at least one person per scrum team is a security champion. This bank states that a mature agile team with good security know how, a security champion and automated tooling is likely to need no more than 1 day of service from central security per 2 week sprint.

Cloud

There are many different approaches to how cloud is being embraced. Very few organisations have deployed production systems on cloud and typically the systems deployed are not core.

Some organisations  choose to migrate ‘ a form of lift and shift’ having  discovered  containerisation and Kubernetes initially as a configuration management solution and then as a path to cloud.

Some organisations are redeveloping legacy components into microservices and deploying these to cloud.

A few organisations are abandoning legacy entirely and starting again with new teams and new architectures- not necessarily microservices.

No presentation ruled out cloud as the end game – the only differences related to time scales. Only one organisation was trialling serverless.

Several presenters alluded to the fact that cost savings are rarely as good as the first impressions the sales person creates.

Agile at Scale is hard

Agile has brought development time from months to weeks and DevOps is bringing delivery from weeks to days… direct quote from Tier 1 Insurance underwriter.

53% of agile adoptions fail because existing culture is at odds with agile values.
46% because of inadequate management support
43% because of resistance to change

Aligning your agile with your company culture is vital….

Control companies do it right –these tend to be very hierarchical. The cost of getting things wrong is very high. Advice is to apply lean first – and then start to look at SAFE or other process frameworks that can be adapted. Every organisation will have its own unique way of implementing agile and DevOps processes.

Collaborative companies do it together– where success is based on interdependencies between individuals working closely and iteratively. The advice is Kanban and the safety net of Andon cords.

Creative (innovators) do it first … these companies can often be born lean.. but scrum probably is too structured early on. Start small and deliver for value until constraints emerge.

Compete – do it fast… be (or born) lean and MVP for as long as possible. Feature based delivery will be required … scrum may be too slow..

A tier 1 German bank commented that uniformity of process is prized at the C and C-1 level but it clashes with empowered individuals and teams. Badly managed this can inhibit continuous improvement adoption.

Many organisations find that agile pilots will revert to waterfall unless there is strong sponsorship from the business

Innovation

A tier 1 insurance company will be offering Insurance as a Service under a new brandname.

Many organisations are running intrapreneurial initiatives as they perceive their best new ideas will come from within.

Automations free up time to allow people to innovate.

Companies that presented this year

  • Allianz – IaaS, small team, open source tech
  • Deutsche Bank – agile meets enterprise constraints
  • Klarna – 100% agile company including and beyond IT – 2,500 employees
  • ING – security best practice
  • ING – regulation meets agile
  • Bailie Gifford – moving towards containers at pace
  • Erste Group – automation tools and collaboration
  • Swiss Life – re-architecting for agility while retaining legacy
  • OP Financial Group – Finnish bank starting a DevOps journey.. a case for change
  • BBVA – Microservices migration, cloud, serverless, pipeline tools, use of API’s.
  • ABN Amro – 4 years of DevOps journey, Cloud, pipeline tools.
  • Payback – rapid business expansion through DevOps process and Cloud. Journey story and recent containerisation.
  • Emirates – Agile maturity models.

 

 

 

Leave a Reply

Your email address will not be published.