
Hardly a month passes without reputationally embarrassing reports of problems experienced by retail bank clients with their retail banking apps. Anecdotally, up to 96% of clients are likely to leave after a single bad experience. The most frequent problems are:
Clearing bank retail client apps seek to deliver high levels of financial security whilst at the same time meeting expectations for modern, user-friendly experiences.
Retail banks manage the complex underlying infrastructure to deliver money movements through services such as Faster Payments, CHAPS and Bacs, but concurrently their retail apps have to deliver resilient and intuitive experiences for clients. The issues to address in this space include:
The major challenges for these apps cover four main areas:
1. Legacy System Integration and Modernisation
Clearing banks rely on complex legacy core banking systems. These legacy systems are expensive to maintain, and have to meet stringent regulatory requirements. Modern retail clients demand instantaneous information and transaction execution, which conflicts with the historical overnight or batch clearing cycle.
Attempting to manage links between backend systems and modern front-end apps leads to disjointed user experiences, when the apps do not immediately reflect changes due to batch processing or slow legacy connectivity.
Implementing robust security without creating friction that frustrates users is a constant challenge. Financial apps are primary targets for cyberattacks, with mobile devices witnessing significant increases in attempted breaches. Clearing bank apps rely on extensive API integration to interact with third parties. In consequence, they are vulnerable to API-based attacks that can manipulate transactions or access unauthorised data.
Banking apps become excessively complex, equipped with too many features, leading to user confusion, in part because of a lack of any user consultation and excessive leeway granted to technology management's developers. Users frequently complain about app crashes, freezing, or slow performance during peak times, such as payday, which damages trust and leads them to cease using the apps. Poorly designed interfaces make basic functions such as international transfers, setting up direct debits, or managing card limits difficult to navigate, requiring high support call
Banks possess massive amounts of customer data, but the inability to effectively consolidate the data from fragmented, outdated systems results in failure to deliver the hyper-personalised services that modern retail consumers expect. Strict data privacy regulations, Know Your Customer (KYC) rules, and anti-money laundering (AML) standards, which have to be integrated into the app's onboarding and transactional flows, inhibit the scope of personalised services. Challenger banks and fintechs, which operate without legacy constraints, offer faster, more personalised, and user-friendly alternatives. These services set higher customer expectations for traditional clearing banks.

The velocity of change will always pose major challenges to the development of Retail Bank Client Apps. The most that can be done is to adopt mitigation strategies that balance innovation with the maintenance of systems stability. Using APIs (Application Programming Interfaces) enables banks to securely share data and services with authorized third-party providers, allowing fintech features to be integrated securely without the requirement to replace core systems immediately. This allows the transition from rigid monolithic architectures to flexible, "composable systems." These are systems whose characteristics include interoperability, treating each request as a separate transaction, modularity, and components which can be upgraded, swapped or removed without faulting the whole system.
This can enable the process of breaking monolithic applications into smaller, independent modules (micro-services), without risking the entire app's stability. Furthermore, migrating to cloud-based infrastructure (IaaS) enables flexible scaling to handle significant variations in traffic while reducing the maintenance burdens associated with physical, on-premises hardware. Using APIs to expose legacy systems, a sort of API vanguard movement, allows fintech features to be integrated securely without needing to replace core systems immediately.
To this end, progressive modernisation should be favoured over "one-off" or "Big Bang" overhauls of systems. Processes such as staged migration, domain-by-domain updates and necessary but difficult parallel runs can protect stability and provide greater certainty of outcomes.
Security has to be part of the DNA of systems at every stage of their development. Integrating security at every stage of development allows faster, more secure, automated software releases, precluding the need to create separate gatekeeper architecture for each release of software.
As AI develops in the quality assurance function, its deployment can transform testing from a historical, manual, reactive process into an autonomous, predictive system.
AI can increase efficiency and reduce software bugs; important applications include automated test generation, visual defect detection, and self-remedy testing scripts that adapt to reusable software scripts. As a result, AI can save significant manual maintenance time.
Implementing Regulatory Technology for automated reporting, transaction monitoring, and KYC/AML checks can help banks adapt to evolving mandates faster than manual processes.
The integration of compliance and security functions should be part of the earliest design phases rather than tacked on at the conclusion of a project!
The final, and arguably most important element to consider in a risk mitigation strategy is investment in both reskilling and upskilling existing employees in AI, cloud technologies and digital banking. Investing in existing resources is often more cost-efficient and stable than relying on the hiring of new talent, or reliance on third parties.
Creating cross-functional capabilities, by establishing teams that combine business, operations and technology stakeholders, can make a major contribution to the dismantling of silos, thus ensuring that changes in technology not only align with the desired business outcomes, but also meet user expectations.
Finally, there is a growing but infectious enthusiasm for chasing every new technology trend which has a perceived high impact. Infectious enthusiasm should be curbed by a focus on development which produces measurable value.
Fundamentally, successful risk mitigation results in improved operational stability, better security and faster time to market with new features. By transitioning from traditional, slow-moving development to automated, continuous, and secure practices, banks can balance innovation with stability, safety and security. The key gain from this is increased customer trust, the most fundamental principle of banking historically, currently and in the future.
Bob McDowall