Real-world data, surveys, regulator reports, and industry case studies expose the risks of outdated change management for the world’s largest banks

OSLO, Norway: A new report from governance automation firm Kosli, “Unbricking the Wall: Rethinking Governance to Unlock Software Delivery at the World’s Largest Banks,” sheds light on one of the most persistent and costly obstacles in financial technology: legacy software governance.

The findings are based on a comprehensive methodology that combines internal developer surveys, real-world DevOps performance data, documented regulatory enforcement actions, and case studies from institutions including Morgan Stanley, Deutsche Bank, State Farm, Finansinspektionen (Financial Supervisory Authority) Sweden, The Financial Conduct Authority (FCA), and others.

Key Findings: Legacy Governance Is the Final Bottleneck

Despite adopting DevOps and CI/CD at scale, banks remain constrained by manual, paper-heavy governance practices originally designed for once-a-year releases—not today's daily deployments.

Among the report’s most striking revelations:

• At one Fortune 500 investment bank, over 200,000 hours annually were spent preparing and approving change tickets—equal to 100+ full-time engineering years.
• One engineer documented needing 81 individual steps and 3 JIRA tickets to get a single line of code into production.
• Manual approvals often provide only the illusion of control—with missed vulnerabilities and rubber-stamped approvals widespread. The UK Financial Conduct Authority found that some Change Advisory Boards (CABs) never rejected a single change.

In 2023, Swedbank was fined $81.52 million after failed governance led to outages affecting nearly one million customers. Regulators noted that existing controls—including a CAB—failed to prevent unauthorized deployments.

Compliance vs. Competitiveness: A False Tradeoff

The report warns that traditional banks are increasingly outpaced by digital-first rivals:

• In the UK, neobank usage hit 50% of adults by the end of 2024 and is projected to reach 41% market penetration by 2028.
• U.S. neobank users are expected to climb to 34.7 million by 2026, equaling 14% of the population.

At the same time, modern software teams are improving stability of the codebase, further widening the gap against slow and manual governance practices. According to the 2024 DORA (DevOps Research and Assessment) report, they are:

• Deploying 182x more frequently
• Experiencing 8x fewer change failures
• Recovering from incidents 2,293x faster

“This divergence is a ticking time bomb for financial institutions from a risk perspective, but also in terms of defensibility,” said Mike Long, co-founder & CEO at Kosli. “When governance is slow, risk-prone, and paper-based, it stops banks from competing—not just on features, but on stability and trust.”

The Way Forward: Automated, Tool-Agnostic Governance

The report outlines a new governance model—one that replaces manual processes with continuous, automated, verifiable controls. It calls for platforms that:

• Automate evidence gathering from commit to production
• Enforce GRC policy in real time
• Monitor runtime environments for ongoing compliance and audit readiness
• Integrate with hundreds of DevOps tools across hybrid and multi-cloud environments

Kosli’s enterprise solution, cited in the report, enables banks to start small with proof-of-value deployments and scale governance automation across complex organizations. The company recently raised funding from its customer Deutsche Bank’s corporate venture capital arm, and is a go-to governance solution for global banks and financial institutions.

Download the Report

“Unbricking the Wall: Rethinking Governance to Unlock Software Delivery at the World’s Largest Banks” is available for download at Kosli’s website.

About Kosli

Kosli helps financial institutions automate their SDLC controls and audit trails, enabling them to deliver compliant and secure software changes at the speed of DevOps. The Kosli platform provides real-time visibility and control over software delivery processes, ensuring that all changes meet regulatory requirements while maintaining the agility needed in modern development environments. Find more information at https://www.kosli.com/.

Fonte: Business Wire