Published in partnership with Novigi

The pace of change in technology is fast and only getting faster, and it’s easy for any organisation to start to feel as though its systems are holding it back on efficiency and service delivery.

Often the temptation is to ditch established legacy systems and turn to something shiny and new in the hope of finding some sort of IT silver bullet. Superannuation funds are not immune from the same beliefs and temptations as they adapt to the escalating demands of policymakers, regulators and members.

Funds are gearing up to deliver retirement income strategies that rely on collecting and acting on increasing volumes of data, tailoring individual solutions and handling an exponentially greater number of transactions as members begin to regularly draw down their savings.

And that’s even before issues such as the implementation of artificial intelligence in a fund’s operations and that technology’s demand for processing power; or the impact of payday super and the increased volume of transactions that will accompany it, along with the cyber security implications of vastly more interaction with members.

Nathan Hartley, executive general manager of group technology at Novigi, says the lure of something new is understandable but there’s often still a lot of life left in old IT dogs that can be harnessed before it becomes necessary for a wholesale systems upgrade, with its associated costs and organisational risks.

Hartley says that well-maintained legacy systems can remain fit for purpose even as a fund’s IT demands and strategic objectives change. But problems may arise where legacy systems have been neglected over years – and they can be costly to maintain – and then begin to lag at the tasks they were originally specced for.

“They get called legacy systems, which is often a bit unfair, and it’s got a negative connotation,” Hartley says.

“Often what you find is the legacy systems get pushed to the side. They’re not shiny, they’re not new, so they kind of sit there doing what they’re doing, and they’re very effective at what they’re doing, but like everything, they need constant care and upkeep.”

Teams go through cycles

Hartley says all organisations’ technology teams go through cycles – the team that is there today is not responsible for implementing the existing systems, was not part of the original decision-making process and may not fully understand the rationale for why that system was put in place.

In these situations, their commitment to existing systems may not be total, and Hartley says that, as a result, organisations often under-invest, particularly from a technology point of view.  These platforms are not set-and-forget and funds often implement one platform then move on to the next shiny new toy that they want to implement.

No greater threat (necessarily)

Legacy systems do not necessarily pose a greater cybersecurity threat to a fund than newer systems, Hartley says.

“If you are maintaining and investing in the legacy platform, then you know there should not be a heightened risk when it comes to cyber security. It’s where you let things sit and sit and stagnate, that’s where you get security risk introduced on these platforms,” he says.

The decision to keep or ditch a legacy system should be based on a careful risk assessment based on a number of factors.

“Some legacy systems will time out, whether or not it’s hardware or underlying componentry; that means that it has to be replaced. That’s inevitable, and it’s going to happen,” Hartley says.

“But often with legacy systems, as long as they’re being maintained and upgraded, they can be kept in place. The bigger issue is not so much the technology, it’s the people side of running legacy tech. We don’t do a great job in documenting knowledge around the systems, people move on and out of organisations, and you often end up with single people within an organisation that become a single point of failure, or the subject matter expert on those legacy systems, and that presents a real bottleneck.”

Hartley says that because a significant number of legacy systems rely on componentry such as Java or Tomcat, which may not still be supported, security issues can also arise.

“We’ve had instances where the main application, the legacy piece of technology, hasn’t been kept up to date, and some of the componentry and supporting applications underneath have vulnerabilities in them,” Hartley says.

“Then, because you can’t upgrade the main application and because you can’t upgrade the underlying, supporting applications, you’re stuck in this thing where you’re left with security vulnerabilities. It’s this kind of cycle you get caught in.”

‘Not sexy, not new’

Obviously, if a legacy system is simply not capable of what’s being asked of it, it’s time for it to go.

“And then the final lens you look at is people, what is the people risk,” Hartley says.

“It comes back to that single point of failure in knowledge. Does that present a real risk?

A challenge on some of the legacy platforms that you do get into is attracting new people to come and work on that stuff. It’s not sexy, it’s not new, it’s not AI. It’s hard to get the young kids coming into that stuff.”

Hartley says the case to completely ditch a legacy system can be difficult to mount in situations where it’s running mission-critical functions and doing that efficiently and without errors.

“Transition programs, as we’ve seen, can go wrong very quickly, cost a lot of money, cause reputational damage, impact members, all those sorts of things,” he says.

“It’s a big decision to replace some of this technology that’s there doing its job.

“Then there’s the impact on the member, and is it in members’ best interests? These programs aren’t cheap. They’re in the tens of millions of dollars, often. Is it in the best interest of the member for the fund to go out and spend this money?”

Legacy system misconceptions

Hartley says there’s a misconception that legacy systems stifle innovation and development of new services and product.

“I would argue that [lack of] innovation is a lack of imagination. Legacy systems I don’t think necessarily prevent innovation. I wouldn’t see them as the roadblock to that at all,” Hartley says.

A culture that doesn’t foster innovation “is formed over time because of preconceived notions of that platform”, he says.

“Often you see, as these legacy technologies become ingrained in an organisation, there is an inability of people to imagine what a new system can do. What happens is, you get a new system, the people who are using the old system are providing the requirements, and you try and craft your new system to operate like your old system did,” he says.

“There’s this closed-off thinking around what the capabilities of these systems actually are. Some of that’s knowledge. Some of that [thinking] is it’s old, so it’s not good. Modern platforms are doing lots of the same things, they’re just doing it in a different way, be it in the cloud or with cloud-native services, but at the end of the day it’s still data, they’re still processing, it’s just a different, newer way of doing the same thing.”