How CIOs can navigate a perfect digital storm of complexity, competition, and regulation

The banking, financial services, and insurance (BFSI) sector is facing a storm. In recent decades, the widespread adoption of the internet and the subsequent smartphone revolution have empowered consumers and businesses to look beyond incumbent providers of financial services. Digital-first startups have changed expectations – fuelling demand for faster transactions and innovative services. These new entrants are no longer on the fringes of the industry but have seized market share and mindshare in what was previously a safe sector for incumbents. One online bank in the United Kingdom has been operating for just 10 years but counts one in six of the British adult population as a customer.
Forced to respond through rapid modernization of their products and customer experiences, traditional financial enterprises have added complexity to their infrastructures. While some providers initially sought to implement radical transformation to cloud technologies, almost none have been able to replace their legacy IT. Efforts at rapid digital transformation have been additive, and the difficulty of regulating and extending those infrastructures has scaled up accordingly.
As a result, many ordinary financial transactions now rely on multiple types and ages of technology. A simple consumer action, such as transferring money from one bank to another using a mobile banking app or filing an online insurance claim, may traverse numerous systems and networks, often spanning multiple corporate entities. A transaction fulfilled in an instant for the consumer may touch multiple technologies across multiple geographies. Even the latest AI-driven front-end experiences will often still touch COBOL running on mainframes.
The increasing impact of financial regulation
CEOs and CIOs in the financial sector increasingly find themselves personally accountable for the resilience of these complex technology structures. Increasingly nervous governments, reeling from major economic shocks and significant banking technology failures, have realized that digital financial systems are of critical national importance. Regulators have become merciless: A month-long series of consumer-impacting outages caused by a technology transformation at a U.K. bank led to debates in parliament, a major public enquiry, and heavy personal fines for the bank’s CEO and CIO.
The scale and scope of new and enhanced regulations are significant. The European Union’s Digital Operational Resilience Act, enacted in early 2025, and the enhanced guidance published to scrutineers in the updated Federal Financial Institutions Examination Council (FFIEC) information technology handbook, published in 2024, impose hugely stringent technology requirements (and severe associated potential penalties) on BFSI companies.
Enabling a competitive but compliant financial organization
In a competitive landscape where technology agility is essential to thrive, BFSI organizations have little choice but to design innovative, technology-driven services. In this situation, complexity will always increase.
Meanwhile, meeting the increased demands of modern regulation requires the organization to continuously understand the infrastructure underpinning its services, in significant detail.
The FFIEC handbook, for example, requires security analysts to have “an enterprise-wide understanding of the architecture and interoperability of systems and components.” Its guidance on proactive risk management requires a clear understanding of the “products, processes, applications, infrastructure, and interconnectivity” that make up the IT infrastructure and the relationship between that infrastructure and “the enterprise-wide business and strategic plan.”
Without a clear, accurate, and up-to-date picture of the topology and health of IT services, it is nearly impossible to meet the needs of these personas. And with complexity driving emergent system properties and rapid change, organizations — which in the past might have managed this information using multiple niche tools or even correlated information manually in spreadsheets — have no choice but to modernize.
Today’s financial CIO needs to ensure that their staff are provided with instant oversight across multiple technology structures, enabling them to understand their services in detail even as they rapidly evolve.
Tools must be able to discover and map the structure of services across multiple environments but also ensure their operational resilience and health. The organization needs to demonstrate compliance with required capacity buffers, sometimes over a period of years, even as services change. With regulators demanding the ability to respond quickly to outages, CIOs should ensure that their management platforms are smart enough to identify the cause of issues rapidly and accurately and be proactive enough to mitigate preventable issues before they occur.
Technical teams must be guided to solutions and enabled to evaluate change risk at a pace that supports rapid innovation – a challenging task, which requires advanced AI analytics to meet the velocity demands of DevOps teams.
CIOs who arm their expert teams with the best-quality, holistic tooling, leveraging new technologies such as generative AI, can ensure that even long-established financial organizations meet and exceed regulatory expectations, while driving innovation that meets the demands of the modern customer.