RiskOperational RiskWindows XP: the Ongoing Dilemma

Windows XP: the Ongoing Dilemma

As gtnews reported last March, Microsoft’s withdrawal of general support for its popular Windows XP operating system  from April 8 exposed users to serious and increasing levels of technology risk. This issue seriously directly impacts all remaining corporate treasury XP users, as dependence on an unsupported operating system to manage the communications, database and calculations of this critical financial function clearly falls short of basic standards for good operational practice. The issue is a high priority for technology auditors – and won’t go away until XP finally rides into the sunset.

An expensive band aid

The potential risks of using an unsupported operating system extend beyond obtaining effective support services when problem issues inevitably arise, as the treasury system interacts with external software and services. It is predictable that the external technical environment will evolve and change, as banks and others enhance their service provision. Such changes may require some level of expert operating system maintenance to be accommodated for operations to continue.

More seriously, the situation provides an opening window for cyber criminals to penetrate and subvert all treasury operations, with potential for increasing security breaches, system crashes and fraud attempts.

One quick fix for the XP support issue is to negotiate a special extended support agreement with Microsoft or another qualified technology company. This isn’t a cheap solution, and is likely to become more expensive over time. A robust permanent solution is needed.

XP is installed on thousands of computers in many corporations, with treasury usage among the areas exposed to an enhanced level of risk. A practical example of managing such an enterprise-wide situation was recently published on the BBC website. It includes a description of the complex and expensive project that major UK retailer, the John Lewis Partnership, undertook to eliminate XP and the associated risk.

A technical issue relevant to treasuries is that bespoke software developed using some specific XP features won’t work in upgraded operating system environments, so needs to be replaced – thus increasing the costs of the exercise. Such add-ons are common features in treasuries reliant on older treasury management systems.

The way forward

Technology problems are anathema for corporate treasurers, who naturally want their departments to focus on managing cash, financial risk, regulatory compliance and timely generation of accurate management reporting. They need robust, dependable support from their underlying technology at a reasonable cost.

The way an issue such as migrating away from Windows XP is being tackled varies according to the size and complexity of the organisation. Larger companies usually have substantial IT capacity and in-house technical resources, and their policy often requires critical financial technology such as the treasury management system (TMS) to be managed and supported internally. So responsibility for replacing Windows XP would be managed in-house.

By contrast, many companies operate an IT policy that looks to outsource the hosting, operation and support of technology, which is seen as cost-effective solution and a means of reducing technology risk by delegating the main responsibilities to expert outsiders. This approach is increasingly applied to small, specialist operations such as corporate treasury.

The emergence of cloud based multi-tenanted SaaS offerings in the TMS market means that comparatively low-cost technology solutions – including operating system migrations – are readily available. A SaaS solution offers an efficient means of taking care of technology issues using the outsourcing services of an expert partner. Its evolution has been facilitated by the rapid, seemingly irreversible growth in the adoption of cloud-based technology.

Albert Pang, president of Apps Run the World, a California-based ICT market-research company devoted to the applications space, comments: “Our research shows a strong interest in cloud applications because of the reduced total cost of ownership as well as implementation agility and flexibility.

“With more than 65% of enterprises pursuing some kind of cloud software investment plans over the next 12 to 24 months, I recommend corporate decision makers seriously evaluating the long-term viability of their current systems, many of which have become so outdated that they are incapable of accommodating today’s user needs, let alone what they hope to accomplish in the next few years.”

The company’s research http://www.appsruntheworld.com/opinions/index/154 indicates that cloud subscriptions will see compound annual growth of 17% between 2014 and 2018, while the on premise installation market will shrink 2% over the same period.

Multi-tenanted SaaS TMSs

Multi-tenant SaaS TMSs utilise cloud based facilities for application and database storage, combined with browser access over the web for clients’ communications, to submit new transactions and standing data, to interrogate their treasury information, to receive and send information to banks, ERPs and other third parties, and to run up-to-date reports.

The technical facilities are shared by many clients of the SaaS provider, aka ‘tenants’, and individual database segments are segregated to ensure data protection and confidentiality. Facilities sharing enables the SaaS model to generate striking cost efficiencies, which can be shared across the client base.

Central management of the technology provides many benefits. IT responsibilities, such as hosting, database administration and upgrade management are outsourced to experts, removing the burdens of technology management from day-to-day treasury responsibilities. Consequently, technical issues such as operating system migration are effectively eliminated from the users’ perspective. The SaaS provider performs all necessary set-up work and extensive testing, then rolls out the upgraded environment to clients simultaneously. Adoption of a SaaS solution means that such eventualities as the Windows XP support withdrawal are effectively eliminated from the client treasury’s future technology risk considerations.

Another positive feature is that centralised, standardised system management processes can accelerate and secure initial system implementation projects, and make it easier for the vendor to provide effective client support services, as the clients and support teams are always all working with the same, up-to-date version of the application software.

The SaaS-derived freedom to focus more completely on details of cash and treasury management is becoming widely appreciated by users of such multi-tenanted solutions. “Our customers regularly tell us about the benefits they are achieving through not being dependent on a specific operating system or a specific browser,” says Rémy Dubois, executive vice president (EVP) and managing director worldwide sales and partners for Kyriba.


Treasury is following the general technology industry trend towards adopting SaaS solutions, which are helping companies to avoid the pain and cost of managing operating system migrations, reducing technology overheads and minimising several risks – and therefore enabling their teams to dedicate their resources and creative energies on their core business activities.

Related Articles

The methods and tactics behind risk and control self assessment

Operational Risk The methods and tactics behind risk and control self assessment

2w Nash Riggins
The digital fortress: fortifying your treasury

Operational Risk The digital fortress: fortifying your treasury

1y Martin Bellin
De-risking trade finance operations: A transitional approach

Bank Relationships De-risking trade finance operations: A transitional approach

1y Jacco de Jong
2017's most read: Open API: unlocking innovative new services in banking

Automation 2017's most read: Open API: unlocking innovative new services in banking

1y Lu Zurawski
BNP Paribas Cash Management University day 2: cyber attacks, predictive analytics and investing

Banking BNP Paribas Cash Management University day 2: cyber attacks, predictive analytics and investing

1y Victoria Beckett
Can you afford not to be ethical?

Compliance Can you afford not to be ethical?

1y Philippa Foster Back
A ‘wait and see’ approach won’t work: US businesses must prepare for GDPR

Bank Relationships A ‘wait and see’ approach won’t work: US businesses must prepare for GDPR

2y Patrick Lastennet
Ethnic diversity in top companies improves

Consumer/Retail Ethnic diversity in top companies improves

2y Graham Buck