Technology
How to transform public services and eliminate IT debt

Paul Liptrot, Partner – UK Government & Public Sector at Kyndryl
Any organisation embarking on a digital transformation project will know that there are significant challenges to overcome. While the benefits at the end are impossible to ignore, the barriers to success are complex and wide ranging. Add in legacy public sector applications to the process, and you open up a whole new layer of complexity.
Whether it’s cost-cutting pressures or competing interests holding back the process, product development and delivery can be significantly harder than it is in the private sector. Not just that, but across Whitehall it is broadly recognised that there’s a significant amount of technical debt to deal with too, meaning many Departments are typically starting from a place far behind that of their commercial counterparts.
Technical debt has been acquired in the public sector over several years (even decades), and for many reasons. Predominantly, ongoing budget constraints and loss of resources mean it has been easy to put off long-term, labour-intensive maintenance and modernisation projects, in favour of feel-good ‘quick wins’ that can be delivered quickly and the impact felt fast.
Furthermore, legacy, proprietary platforms that many public sector systems are developed and operating on, have undergone significant customisation and bespoke development over many years. Not only do these support mission-critical processes, making it hard to get downtime for improvements approved, but they are notoriously tricky (read: time-consuming) to unpick and migrate to newer, more modern platforms and infrastructures.
Too often, both public and private sector organisations have had a superficial opinion of what it takes to address tech debt, focusing on dealing with the often out-of-support components rather than the underlying problems. As a result, tech debt is only getting worse, reducing workforce productivity, inhibiting innovation and keeping public services stagnant through a lack of agility.
For public sector organisations looking to address the problem, the first step must be to assess and understand which services are going to be needed to deliver current policy and customer outcome objectives. With this clarity organisations can then design their Target Operate Model (TOM) to not only support these but also put in place processes and technologies that will be agile enough to adopt and adapt for the future. Understanding the TOM will then allow CXOs and their teams to make informed decisions on which approaches to take, which technologies to retain, which to replace and which to adopt public and private cloud services for in an overall hybrid environment.
With a TOM in place, priorities can be established, required investments can be understood and organisation teams and squad structures can be established within a governed program to remove tech debt. Informed decisions can be taken per business service or application with options typically including:
Retire and start new
Evaluate whether it is even worth modernising the underlying technologies. Would it be easier or more beneficial to instead migrate the business processes and data to something else? This could be a modern SaaS platform or a lighter-weight, micro-service-based replacement application. Where suitable SaaS products exist, moving legacy services to these transfers the risks and costs of developing and maintaining underlying application software and infrastructure to the SaaS provider.
Re-platform
Where SaaS isn’t an option, building products on PaaS can reduce the risk of tech debt by moving the responsibilities for maintaining, patching and updating the underlying infrastructure, operating systems and middleware to the cloud provider. As PaaS migrations involve refactoring legacy applications to fit the platform offered by a service provider, it can be time consuming. However, once it’s complete, it takes the maintenance time away from programmers, freeing them up to deploy new applications faster.
“Lift and shift”
One of the easier and least expensive ways to migrate an existing workload to the cloud is an IaaS migration, sometimes called a “lift and shift”. That’s because you move it in its current form, with minimal changes, and run it on cloud-native resources instead. This is particularly useful where the technical debt resides in hosting locations and physical hardware, but typically isn’t the answer where the debt relates to applications or software. In these cases, a lift and shift can be useful as part of a longer term program, by buying more time to modernise the applications once into Public Cloud and freed from the immediate risks associated with ageing hardware or building closures.
Modernise in-situ
You could choose to slowly migrate a legacy system by replacing specific components over a period of time. There are many variants to this approach but one of the most common is the “Strangler Fig” pattern which involves creating a parallel new landing zone and slowly redirecting from the existing application components to the new ones as replacement functionality and services are implemented. Eventually, the legacy is retired completely.
Whichever methods are adopted, once tech debt has been eliminated, that’s not the end of the road. Maintaining the TOM is an ongoing monitoring exercise to ensure that it doesn’t begin to accumulate again. Here are six top tips to avoid it recuring:
- Run teams that maintain and constantly update products rather than big periodic projects. The ongoing level of investment may seem high but the TCO will be lower, with the product itself remaining evergreen, supporting innovation and avoiding build-up of tech debt.
- Maintain tech roadmaps and review regularly, with tech refresh built into investment cases up front.
- Implement modern DevSecOps and Infrastructure as Code methodologies to ensure that services can be updated and re-deployed easily.
- Consider options like Low-code/No-code and RPA for building applications and workflows where these are suitable, avoiding the need to write and maintain code.
- Design for micro-services over monoliths. This allows parts of applications to be updated and modernised in isolation from the rest of the service. Principles of abstraction help here, as well as designing for components/services to be joined up using APIs and loose-coupling.
- Feeling overwhelmed? Engage a partner you trust that can help advise, build and, if required, operate your technology transformation.
You may like
Business
Empowering banks to protect consumers: The impact of the APP Fraud mandate

Source: Finance Derivative
Thara Brooks, Market Specialist, Fraud, Financial Crime & Compliance at FIS
On the 7th October last year, the APP (Authorised Push Payment) fraud reimbursement mandate came into effect in the UK. The mandate aims to protect consumers, but it has already come under immense scrutiny, receiving both support and criticism from all market sectors. But what does it mean for banks and their customers?
Fraud has become a growing concern for the UK banking system and its consumers. According to the ICAEW, the total value of UK fraud stood at £2.3bn in 2023, a 104% increase since 2022, with estimates that the evolution of AI will lead to even bigger challenges. As the IMF points out, greater digitalisation brings greater vulnerabilities, at a time when half of UK consumers are already “obsessed” with checking their banking apps and balances.
These concerns have contributed to the implementation of the PSR’s (Payment Systems Regulator) APP fraud mandate, which was implemented to reimburse the victims of APP fraud. APP fraud occurs when somebody is tricked into authorising a payment from their own bank account. Unlike more traditional fraud, such as payments made from a stolen bank card, APP fraud previously fell outside the scope of conventional fraud protection, as the transaction is technically “authorised” by the victim.
The £85,000 Debate: A controversial adjustment
The regulatory framework for the APP fraud mandate was initially introduced in May 2022. The maximum level of mandatory reimbursement was originally set at £415,000 per claim. The PSR significantly reduced the maximum reimbursement value to £85,000 when the mandate came into effect, however, causing widespread controversy.
According to the PSR, the updated cap will see over 99% of claims (by volume) being covered, with an October review highlighting just 18 instances of people being scammed for more than £415,000, and 411 instances of more than £85,000, from a total of over 250,000 cases throughout 2023. “Almost all high value scams are made up of multiple smaller transactions,” the PSR explains, “reducing the effectiveness of transaction limits as a tool to manage exposure.”
The reduced cap makes a big difference on multiple levels. For financial institutions and payment service providers (PSPs), the lower limit means they’re less exposed to high-value claims. The reduced exposure to unlimited high-value claims has the potential to lower compliance and operational costs, while the £85,000 cap aligns with the Financial Services Compensation Scheme (FSCS) threshold, creating broader consistency across financial redress schemes.
There are naturally downsides to the lower limit, with critics highlighting significant financial shortfalls for victims of high-value fraud. The lower cap may reduce public confidence in the financial system’s ability to protect against fraud, particularly for those handling large sums of money, while small businesses, many of which often deal with large transaction amounts, may find the cap insufficient to cover losses.
The impact on PSPs and their customers
With PSPs responsible for APP fraud reimbursement, institutions need to take the next step when it comes to fraud detection and prevention to minimise exposure to claims within the £85,000 cap. Customers of all types are likely to benefit from more robust security as a result.
The Financial Conduct Authority’s (FCA’s) recommendations include strengthening controls during onboarding, improving transaction monitoring to detect suspicious activity, and optimising reporting mechanisms to enable swift action. Such controls are largely in line with the PSR’s own recommendations, with the institution setting out a number of steps in its final policy statement in December 2023 to mitigate APP scam risks.
These include setting appropriate transaction limits, improving ‘know your customer’ controls, strengthening transaction-monitoring systems and stopping or freezing payments that PSPs consider to be suspicious for further investigation.
All these measures will invariably improve consumer experience, increasing customers’ confidence to transact online safely, as well as giving them peace of mind with quicker reimbursement in case things go awry.
Going beyond the APP fraud mandate
If the PSR’s mandate can steer financial institutions towards implementing more robust security practices, it can only be a good thing. It’s not the only tool that’s shaping the financial security landscape, however.
In October 2024, the UK government introduced new legislation granting banks enhanced powers to combat fraud. An optional £100 excess on fraud claims has been introduced to encourage customer caution and combat moral hazards, while the Treasury has strengthened prevention measures by handing out new powers to high street banks to delay and investigate payments suspected of being fraudulent by 3 days. The extended processing time for suspicious payments may lead to delays in legitimate transactions, making transparent communication and robust safeguards essential to maintain consumer trust.
Further collaborative efforts, such as Meta’s partnership with UK banks through the Fraud Intelligence Reciprocal Exchange (FIRE) program, can also aid the fight against fraud. Thanks to direct intelligence sharing between financial institutions and the world’s biggest social media platform, FIRE enhances the detection and removal of fraudulent accounts across platforms such as Facebook and Instagram, not only disrupting scam operations, but also fostering a safer digital environment for users. The early stages of the pilot have led to action against thousands of scammer-operated accounts, with approximately 20,000 accounts removed based on shared data.
Additionally, education and awareness are crucial measures to protect consumers against APP fraud. Several high street banks have upgraded their banking channels to share timely content about the signs of potential scams, with increased public awareness helping consumers identify and avoid fraudulent schemes.
Improvements in policing strategies are also significantly contributing to the mitigation of APP fraud. Specialized fraud units within police forces have enhanced the precision and efficiency of investigations. The City of London Police and the National Fraud Intelligence Bureau are upgrading the technology for Action Fraud, providing victims with a more accessible and customer-friendly service. Collaborative efforts among police, banks, and telecommunications firms, exemplified by the work of the Dedicated Card and Payment Crime Unit (DCPCU), have enabled the swift exchange of information, facilitating the prompt apprehension of scammers.
How AI is expected to change the landscape
The coming months will be critical in assessing these changes, as institutions, businesses and the UK government work together to shape security against fraud in the ever-changing world of finance.
While fraud is a terrifyingly big business, it’s only likely to increase with the evolution of AI, making it even more critical that such changes are effective. According to PwC, “There is a real risk that hard-fought improvements in fraud defences could be undone if the right measures are not put in place to defend against fraud in an AI-enabled world.”
Chatbots can be used as part of phishing scams, for example, and AI systems can already read text and reproduce sampled voices, making it possible to send messages from “relatives” whose voices have been spoofed in a similar manner to deepfakes.
Along with other innovations, tools and collaborations, however, the APP fraud mandate, UK legislation and FIRE can all contribute towards redressing such technological advances. Together, this can give financial institutions a much-needed boost in the fight against fraud, providing a more secure future for customers.
Business
AI and Data Interoperability are Crucial for Success in the Financial Industry

Source: Finance Derivative
Written by Yohan Lobo, Senior Industry Solutions Manager, Financial Services at M-Files.
Businesses within the financial services sector are among the industries leading the way in delivering AI initiatives to enhance services and improve decision-making however, rich data and strong infrastructure is the essential foundation for successful implementation.
Still plagued by inefficient manual processes and lack sufficient data resources, only 31% of organisations are on track with AI integration. Models that operate with AI are only as good as the data we feed into them so firms need an optimised system that can handle the high volumes of client and business data.
Financial institutions should address these gaps by investing in a robust data infrastructure that connects these siloed sources, creating a firm foundation on which they can build new AI initiatives.
The Pitfalls of Unorganised Data
Financial information can often be scattered across various locations in a range of formats, such as market insight presentations analysis, underwriting documents, or client emails. Without a predefined format, this disconnected data makes it challenging for AI systems to interpret information effectively and delivers inaccurate analytics that could take the business in the wrong direction.
Many institutions need help organising documents generated across disconnected systems and stored in duplicate data stacks which may produce conflicting versions of the truth. In a sector where client relationships are built on trust, responding to these data issues using obsolete tools, disrupted workflows, and any misstep in data consistency could lead to reputational damage, financial loss, or regulatory fines.
Organizing financial data like transaction records, customer data, and financial reports under centralised and labelled repositories, will make data collection and analysis for projects more accessible.
With these data management tools, firms can automate the process of organizing unstructured data that is easy to find, store and use. This can liberate their teams from the drudgery of manual processes while eliminating the potential for human error, resulting in richer data sources that is ready to fuel AI powered productivity.
Demystifying AI into a Workforce Ally
Workforce preparation and readiness may be an underestimated aspect of AI business readiness employees might be sceptical of AI accuracy and capability based on anecdotal stories following the failed usage of this new technology.
In 2023, a US attorney found himself embroiled in an AI disaster after using an AI chatbot to research precedents in a lawsuit against Colombian airline Avianca. In this case false names, numbers and internal citations were provided based on unverified online sources. The financial services sector is not immune from these types of incidents if generative AI tools are not used appropriately with a clear understanding of the source data. AI tools built on poorly managed inaccurate or incomplete company data can also provide outputs that suffer from similar “hallucinations”.
The rapidly evolving nature of AI tools means that means that both the value and risks are unclear to many users. Firms that do not properly articulate the value and limitations of AI may face inertia amongst workers. It is important to demystify the technology and show how it can improve work experience whilst setting out a framework for appropriate usage that aligns to client and regulatory expectations.
Training and upskilling workers can help explain the fundamentals of AI and teach hands-on skills in using these tools within their job functions, bridging any existing skills and knowledge gaps. This contextual understanding can showcase operational use of AI to assist with dull, repetitive tasks, thus opening up time for teams to focus on growth work that they enjoy and also adds value to firms’ progression.
Managing High Traffic and Data with Cloud
A recent report by Microsoft identified significant bottlenecks that can disrupt AI momentum; a key factor being low levels of compute capacity and adoption of background technologies such as cloud. Despite all its benefits, AI within data infrastructure does require substantial computing power and storage, making on-premise solutions cost-prohibitive. 31% of business have yet to adopt cloud and with the UK lagging other countries in digital technology infrastructure, businesses will need to become more familiar with this technology. Here, cloud computing emerges as a game-changer to grant businesses the flexibility needed to keep sensitive data secure while providing the computational power needed.
Leveraging cloud-based data management tools allows firms to store, process, and scale to accommodate increased traffic, which is particularly beneficial for handling data loads during high transaction periods. This ensures smooth user experiences and utilises decentralised networks for distributed low costs.
The successful deployment of such cloud-based services can help financial companies process enormous amounts of customer data and connect them with AI-processing capabilities without investing in expensive servers. With its ability to accommodate various infrastructure and AI capabilities, cloud solutions can easily handle changes in data to deliver unparalleled employee and customer experiences.
Future Success with Strong AI Foundations
A well-structured and forward-thinking approach to AI is essential, but the quality of AI outputs will only be as good as the data infrastructure that supports them. With the right foundation, even the most advanced AI systems will be able to deliver actionable insights. While it is a complex undertaking, a supported data infrastructure can yield significant rewards for improved decision-making and enhanced customer experiences.
A holistic approach encompassing AI technology, processes, and people can build an AI-ready data infrastructure, allowing financial institutes to remain competitive and adapt to evolving demand. This will secure their position in an increasingly competitive market and ensure sustained success as the financial industry continues its digital transformation.
Business
Technology’s Role in Transforming Insurance: From AI to Cyber Risk

Source: Finance Derivative
Authored by Samiul Chowdhury, Principal Actuarial Consultant, RNA Analytics
The insurance industry is undergoing a significant transformation, driven by rapid advancements in technology. From property and casualty to life insurance, the role of digital solutions has never been more important. Today, it’s almost impossible to imagine a successful, compliant insurance business without technology at its core.
But how exactly is technology reshaping the insurance landscape? And what does it mean for the future of actuarial work, AI, and cyber risk? Let’s explore.
The Essential Role of Technology in Modern Insurance
Technology is the cornerstone of the successful modern insurance business – whether property, casualty or life. It’s no longer optional—it’s essential! Operating a successful and compliant insurance company today without the help of software solutions would be a real challenge. Whether it’s managing customer data, meeting regulatory demands, or assessing risk, technology is at the heart of everything modern insurers do.
In recent years, regulatory compliance has been a top priority for (re)insurers across the globe, with IFRS 17 probably the number one focus. The new accounting standards are highly complex, and their implementation has forced many insurers to rethink and redesign their entire approach to financial reporting and infrastructure. However, this challenge has also been a catalyst for technological innovation.
One of the most significant changes brought about by IFRS 17 is the integration of traditionally siloed such as functions such as actuarial, finance and accounting functions. This alignment gives insurers unprecedented insight into opportunities and risks, enabling them to make more informed decisions. Beyond compliance, accuracy and extensive flexibility, this integration offers insurers a chance to enhance accuracy, achieve greater flexibility, and gain a deeper understanding of their financial landscape.
How AI is Changing the Actuarial World
Much has been said aboutArtificial Intelligence (AI) and its potential to disrupt industries. In insurance, AI is already proving to be a game-changer, especially in actuarial work. With the right approach, AI holds great promise of making processes smoother and bringing faster, more accurate decision-making into play.
However, AI is not here to replace actuaries. Instead, it enhances actuaries’ roles by automating their routine tasks such as data pre-processing, model fitting, and report generation. This automation allows actuaries to focus on more strategic tasks, giving them a more central role within the organizations.
Meanwhile, AI modelling introduces new sources of uncertainty. Actuaries must understand the limitations and assumptions behind the AI models they are using. It’s important to ensure that these are fair, unbiased, and ethical —particularly when it comes to pricing and underwriting. This means actuaries will need to pick up new skills, especially in data science and programming languages like Python and R.
In other words, AI offers actuaries the chance to work more efficiently and strategically, but only if they are prepared to navigate the complexities it brings.
The Growing Challenge of Cyber Risk. How Do Insurers Keep Up?
Cyber risk has emerged as one of the most significant threats insurers face today. Cyber insurance is not the same as it was twenty years ago. The policies were relatively simpler, and insurers didn’t have as much data or experience to rely on. Today, they are more complex, reflecting the increased scale and sophistication of cyber threats.
As cyberattacks have increased, so has our ability to model and understand them. Insurers have gained more data over time, which has allowed them to get a better grip on the risks involved. However, here is the thing: technology evolves, and so do the threats. Whether it’s a data breach, ransomware attack, or even non-malicious technical failures like the recent CrowdStrike outage, the risks are more systemic and far-reaching than ever.
Looking ahead, as we enter the Web3 era where information becomes ever more interconnected and managed by semantic metadata, we’ll have a complete set of new vulnerabilities. Business models will shift, and with that, the risks insurers will need to cover. By 2044, cyber insurance policies will probably look quite different from what we see today.
Conclusion
The insurance industry is at a turning point, driven by the rapid adoption of technology and the increasing complexity of risks like cyber threats. To stay ahead of the curve, insurers need to embrace AI, data-driven decision-making processes, and advanced risk models.

Empowering banks to protect consumers: The impact of the APP Fraud mandate

After the tax deadline: Next steps for accountancy firms

Future-proofing financial services investment

Future-proofing the workforce for AI innovations with continuous learning

The Sustainability Carrot Could be More Powerful Than the Stick!
