News

Uncategorized

Banking & Finance – Software Development & Testing Challenges

Overview

Financial Services systems present unique challenges for software developers and testers. Regulators are very concerned about good provenance over the software being developed. Controls, processes and technologies for managing change to the system must be developed and documented. The system needs to be tested not just against the functional requirements from the customer, but also against the book of mandated policies and regulations.

In addition, financial institutions make money predominantly by collecting interest on loans, by buying and selling securities, or by charging fees & commissions – not by developing software – and consequently the tools needed to support the software development and testing activities need to be easy to use, provide the needed functionality out of the box, and have a low total cost of ownership (TCO).

Regulatory Compliance

In addition to the usual testing requirements that ensure that a system works in accordance with its requirements (functional testing), handles the prescribed load (performance testing) and is secure (vulnerability testing), financial systems have to meet a whole host of constantly changing regulations from organisations that include the Reserve Bank of Australia, the Australian Prudential Regulation Authority and payments authorities such as the Australian Payments Network.  There’s also a host of rules and regulations around payment cards, private data, payment schemes and, etc,.

Since 2001 alone, there have been myriad changes to financial laws: Sarbanes-Oxley (SOX), Basel II, Dodd-Franks, FATCA, to name just two. Each time these changes in the regulatory landscape require changes to test plans, validation procedures and system requirements.

SpiraTest from Inflectra provides the premier solution for managing all of your requirements, test cases and validation scenarios in a central, easy to manage repository. With SpiraTest, you can stay on top of the changes and manage them rather than them managing you!

Overarching Policies & Requirements

When you have to test and develop against both requirements defined for a specific system as well as an overarching set of mandated policies and regulations, you need to have the ability to define core mandated requirements that are shared between projects as well as project-specific features, use cases, and user stories:

SpiraTeam lets you have projects that share their artifacts with other projects. This powerful feature lets you have projects that reuse components, features and tests from other projects. In addition, you can share requirements between projects so that you can view all of your requirements in a single list; those from the current project and those from any component projects being included:

Traceability

For banks and other finance firms, requirements traceability is not optional, all changes to core systems must be validated and shown to be managed in accordance with the defined processes, procedures, roles and regulations. You need to have an Application Lifecycle Management (ALM) solution that provides you the optimum mapping between requirements, tasks, software controls, test controls, pre-production staging builds, and releases.

SpiraTeam provides you with ability to manage the entire end-to-end process of developing and testing software in accordance with your defined processes. It simplifies the reporting, making it easier for you to demonstrate the linkage between your policy attestations and the final code release.

Security & Privacy

When there is a breach in a website or consumer application it is bad enough, but when there is a security breach in a financial service system, the costs and regulatory damage can literally ‘break the bank’. When you need tools to help you keep track of your security requirements, testing activities and associated defects, SpiraTest is your best choice for test management with its built-in version control and audit-log, you can see who made changes to each artifact in the system.

Securing the codebase is another key ingredient to prevent security breaches and vulnerabilities. With SpiraPlan, you can see real-time traceability between each change in the code base and the associated requirement, task or defect that made the change necessary. This real-time traceability lets you find unauthorised code changes and prevent security vulnerabilities before they happen.

In addition, your ALM solution needs to provide sufficient security and privacy controls so that your code data is secure and maintained with integrity. SpiraTeam is available both as an on-premise solution and as a secure cloud service, giving you multiple options that best align with your security policies.

Transaction Processing

When you are dealing with testing financial transactions containing large volumes of highly precise data, manual testing doesn’t cut it anymore. When you need to automate your system testing, our Rapise test automation platform is ready to help. Rapise has been built from the ground-up to support the testing of desktop, web and mobile applications in a single easy to use platform. Now you can use the same tool to test the back-office systems and the mobile applications used by customers in the same set of transactions.

Rapise includes a powerful data-driven, scriptless test design and execution language called Rapise Visual Language (RVL). This simplifies the process of creating large-scale data-driven regression tests that allow you to test large volumes of complex transactional data against your core systems.

Complex Algorithms

With the rise of high-speed trading and automated trading platforms, you need testing solutions that can handle large volumes of real-time data. With our Rapise automated testing platform you have a system that can handle the load.

With its powerful support for data-driven testing, built-in mathematical libraries and easy extensibility, Rapise is your best choice when you need to test and validate complex algorithms.

Speed and Agility

Speed, both in the development process, and in the systems themselves. Financial software needs to be released quickly and need to work speedily because trading in the financial markets is a race among competing firms.

Our SpiraTeam application lifecycle management software has been designed for agile processes from day one. With SpiraTeam you have a system that makes the requirements management process a fluid and dynamic experience, with real-time dashboards and visual planning boards to enable real-time collaborative planning and prioritisation.

However, although banks and finance firms are heavy users of Agile methodologies and DevOps, due to the need to support regulatory reporting requirements, companies need to adapt agile to include additional steps and artifacts that are not strictly agile. You need tools that are agile in nature, but provide flexibility to include waterfall steps, use cases, item dependencies, and other traditional needs.

SpiraTeam is flexible in its approach, with a methodology-agnostic design that lets you work in a hybrid methodology that is tailored to your business.

Data Interoperability

A key feature of ALM tools that you need to consider is data portability and interoperability. For European companies, the General Data Protection Regulation (GDPR) mandates such functionality. You need to make sure that your ALM platform has a robust set of versioned APIs that are actively maintained and developed. Such APIs will let you integrate the data in your ALM solution with your other systems (billing, document management, etc.).  For Australian businesses, it’s a good idea to be GDPR compliant before legislation enforces it here.

SpiraTeam provides a robust set of REST and SOAP APIs that are versioned and maintained, with the ability to run code written over ten years ago against the current version, unchanged.

Domain Expertise

Business knowledge is important for testers in any domain, but particularly in financial services, where the business itself and technology are becoming increasingly intertwined. Influence IT, based in Brisbane, understands your business and can help you to implement tools to best suit your environment.  Succeed where others fail and contact Influence IT today for more information on Spira products from Inflectra.

Thanks to Inflectra and their Asia-Pacific Sales Manager, Peter Brackstone, for user of this article.  Influence IT is the Asia-Pacific Sales Office for Inflectra products.