Cybersecurity News that Matters

New Report Reveals Governance Bottlenecks Cost Banks Hundreds of Thousands of Hours, Threaten Competitiveness and Compliance

by Business Wire

Apr. 25, 2025
12:42 AM GMT+9

Real-world data, surveys, regulator reports, and industry case studies expose the risks of outdated change management for the world’s largest banks

OSLO, Norway–(BUSINESS WIRE)–A new report from governance automation firm Kosli, “Unbricking the Wall: Rethinking Governance to Unlock Software Delivery at the World’s Largest Banks,” sheds light on one of the most persistent and costly obstacles in financial technology: legacy software governance.


The findings are based on a comprehensive methodology that combines internal developer surveys, real-world DevOps performance data, documented regulatory enforcement actions, and case studies from institutions including Morgan Stanley, Deutsche Bank, State Farm, Finansinspektionen (Financial Supervisory Authority) Sweden, The Financial Conduct Authority (FCA), and others.

Key Findings: Legacy Governance Is the Final Bottleneck

Despite adopting DevOps and CI/CD at scale, banks remain constrained by manual, paper-heavy governance practices originally designed for once-a-year releases—not today’s daily deployments.

Among the report’s most striking revelations:

  • At one Fortune 500 investment bank, over 200,000 hours annually were spent preparing and approving change tickets—equal to 100+ full-time engineering years.
  • One engineer documented needing 81 individual steps and 3 JIRA tickets to get a single line of code into production.
  • Manual approvals often provide only the illusion of control—with missed vulnerabilities and rubber-stamped approvals widespread. The UK Financial Conduct Authority found that some Change Advisory Boards (CABs) never rejected a single change.

In 2023, Swedbank was fined $81.52 million after failed governance led to outages affecting nearly one million customers. Regulators noted that existing controls—including a CAB—failed to prevent unauthorized deployments.

Compliance vs. Competitiveness: A False Tradeoff

The report warns that traditional banks are increasingly outpaced by digital-first rivals:

  • In the UK, neobank usage hit 50% of adults by the end of 2024 and is projected to reach 41% market penetration by 2028.
  • U.S. neobank users are expected to climb to 34.7 million by 2026, equaling 14% of the population.

At the same time, modern software teams are improving the stability of their codebases, further widening the gap with organizations that rely on slow, manual governance practices. According to the 2024 DORA (DevOps Research and Assessment) report, these teams are:

  • Deploying 182x more frequently
  • Experiencing 8x fewer change failures
  • Recovering from incidents 2,293x faster

“This divergence is a ticking time bomb for financial institutions from a risk perspective, but also in terms of defensibility,” said Mike Long, co-founder & CEO at Kosli. “When governance is slow, risk-prone, and paper-based, it stops banks from competing—not just on features, but on stability and trust.”

The Way Forward: Automated, Tool-Agnostic Governance

The report outlines a new governance model—one that replaces manual processes with continuous, automated, verifiable controls. It calls for platforms that:

  • Automate evidence gathering from commit to production
  • Enforce GRC policy in real time
  • Monitor runtime environments for ongoing compliance and audit readiness
  • Integrate with hundreds of DevOps tools across hybrid and multi-cloud environments

Kosli’s enterprise solution, cited in the report, enables banks to start small with proof-of-value deployments and scale governance automation across complex organizations. The company recently raised funding from its customer Deutsche Bank’s corporate venture capital arm, and is a go-to governance solution for global banks and financial institutions.

Download the Report

“Unbricking the Wall: Rethinking Governance to Unlock Software Delivery at the World’s Largest Banks” is available for download at Kosli’s website.

About Kosli

Kosli helps financial institutions automate their SDLC controls and audit trails, enabling them to deliver compliant and secure software changes at the speed of DevOps. The Kosli platform provides real-time visibility and control over software delivery processes, ensuring that all changes meet regulatory requirements while maintaining the agility needed in modern development environments. Find more information at https://www.kosli.com/.

Contacts

Media Contact:
Marie Williams

Coderella

(415) 707-2793
