Balancing BAU and IT transformation in Australian financial services
Australian financial services are walking a tightrope. On the one hand, they must maintain business as usual (BAU). On the other, they face increasing pressure to drive IT transformation. This balancing act is more than a question of efficiency; it’s a strategic challenge that directly impacts competitiveness and long-term success in a rapidly evolving digital landscape.
ADAPT’s 2023 analysis reveals a key trend: 43% of Australian financial services organisations are preparing for increased IT budgets. This rise highlights the critical role technology plays today. However, as IT budgets grow, so does the tension between innovation and the demands of regulatory compliance and operational stability. Legacy systems add complexity to this challenge. They remain the backbone of daily operations in financial services, even as organisations pursue new technologies.
Navigating compliance in a transforming sector
Balancing innovation with stringent regulatory demands is more than a technical issue—it’s a strategic imperative. Australian financial institutions are required to adhere to rigorous standards such as CPS 234 for information security, CPS 230 for operational risk management, and CPG 229 for climate change financial risks. While essential for safeguarding the system, these regulations often slow down technological progress.
Yet, standing still is not an option.
Fintech disruptors and global tech giants are reshaping customer expectations. This effectively means that traditional financial institutions must embrace meaningful change while keeping their operations secure, compliant, and efficient.
In the following sections, we’ll explore how Australian financial services can balance BAU with IT transformation, maintain stability during innovation, and demonstrate the value of their transformation efforts in a tightly regulated market.
Part 1: Core challenges of balancing BAU and IT transformation
Resource allocation dilemma
Balancing resources between BAU and transformation efforts remains one of the most pressing concerns.
- Budget constraints: While 43% of financial services organisations expect an increase in IT budgets, the real challenge lies in balancing operational costs with secure, compliant technology investments. The drop in OpEx from 65% in 2022 to 55% in 2023 illustrates this ongoing struggle between maintaining legacy systems and embracing new innovations.
- Time management: Organisations must ensure day-to-day operations run without disruption while dedicating enough time to transformative projects. With operational effectiveness rising as a priority, finding the balance between core systems and innovation is no longer optional—it’s essential.
- Human resources: The allocation of skilled talent between compliance-driven BAU operations and forward-thinking innovation initiatives is another challenge. Leadership development and upskilling are top priorities in 2023, as organisations recognise the need to build teams that can navigate both regulatory pressures and technical advancements.
- Additionally, competing business priorities add pressure on IT leaders. Large financial institutions have various business units (BUs) focused on different objectives—such as customer experience, innovation, compliance, and risk management. Each BU has its own goals, creating tension for IT leaders who must balance these to meet overall organisational needs.
Skill set gaps
The skill sets required for BAU and IT transformation are diverging, creating a significant gap.
- Expertise requirements: While BAU relies heavily on regulatory expertise—knowledge of CPS 234 and CPS 230—IT transformation demands proficiency in emerging technologies and agile methodologies. This widening skills gap is becoming more evident as both areas require increasingly specialised knowledge.
- Upskilling challenges: The rapid evolution of financial technology underscores the urgency of upskilling staff who can manage both regulatory compliance and cutting-edge tech. As mobile wallet transactions surged to $126 billion in 2023 (a 169-fold increase from 2018), the pressure to develop employees capable of navigating this fast-paced change is higher than ever.
- Recruitment difficulties: Finding professionals with a blend of compliance expertise and tech innovation skills is proving difficult. Financial institutions are now competing across sectors for this rare combination, making recruitment a critical component of their transformation strategy.
Organisational resistance to change
Cultural and organisational inertia is often a barrier to successful IT transformation.
- Preference for established processes: Financial institutions, known for their risk-averse nature, tend to favour tried-and-true BAU processes that guarantee compliance. ADAPT’s research shows that building a secure and trusted organisation is now the top priority for 2023-24, reinforcing the emphasis on stability and security over disruptive change.
- Fear of workflow disruption: Concerns about disrupting workflows that ensure regulatory compliance can delay transformative initiatives. This hesitation is especially pronounced when compliance is deeply embedded in daily operations, making integrating new technologies feel risky.
- Stakeholder scepticism: Scepticism from stakeholders often centres on how transformation will affect compliance and risk management. Past challenges with cloud migration—such as outdated security policies and unexpected cloud costs—continue to fuel doubts about the feasibility and benefits of transformation.
Addressing these challenges requires a careful alignment of IT transformation with regulatory frameworks, a substantial investment in skill development, and a culture that supports innovation within the bounds of a highly regulated environment. As Australian financial services organisations move forward, they must leverage cutting-edge technologies while safeguarding the stability that underpins their operations.
Part 2: Ensuring operational stability during IT transformation
Managing the risks of integrating new technologies
Integrating new technologies introduces a range of risks that must be mitigated to ensure business continuity and compliance.
- Balancing innovation with legacy systems: The digital revolution in Australian banking has reached a tipping point, with 99.1% of transactions now occurring digitally and cash use plummeting to just 13%—down from 70% in 2007. This shift highlights the urgent need to innovate while safeguarding security and compliance. Financial institutions must strike a delicate balance between embracing new technologies and maintaining legacy systems that comply with Australia’s regulatory frameworks.
- Ensuring business continuity: Maintaining continuity for critical, compliance-related processes during transformation is essential. In 2023, the top priority for financial services was “building a secure and trusted organisation,” emphasising the need for uninterrupted operations. With APRA’s new CPS 230 coming into effect in July 2025, which places a strong focus on business continuity and operational risk management, effective change management is even more crucial to minimise service disruptions as new technologies are introduced.
- Managing increased complexity: Adopting new technologies invariably increases complexity. ADAPT points to outdated security policies as the largest barrier to cloud migration, adding layers of risk and complication. Institutions must manage this complexity while maintaining stringent security standards. In 2023 alone, Australians lost $2.7 billion to scams, according to the ACCC, underscoring the need for robust security and compliance measures throughout the transformation process.
Measuring and demonstrating value
Effectively quantifying and communicating the value of IT transformation is essential to securing stakeholder buy-in.
- Quantifying ROI: One of the major challenges for financial services is measuring the return on investment (ROI) from IT transformation while maintaining compliance. ADAPT’s analysis shows that ongoing cloud costs are a top-five barrier to cloud migration, further complicating efforts to predict and measure the financial impact of transformation initiatives.
- Balancing compliance and innovation: Organisations must walk a fine line between adhering to strict compliance requirements and pursuing the long-term benefits of innovation. Since 2023, compliance has become a strategic priority, but it must coexist with innovation to ensure competitiveness in an evolving market.
- Communicating value to stakeholders: Demonstrating the value of IT transformation to stakeholders focused on compliance and risk management is crucial. With operational effectiveness identified as a major priority for 2023, financial institutions must show how transformation initiatives enhance operations and reduce risk to gain support.
Maintaining governance and compliance
A robust governance and compliance framework is the foundation for any successful IT transformation in Australia’s regulated financial sector.
- Adhering to regulatory requirements: Compliance with key regulations, such as CPS 234 (information security), CPS 230 (operational risk management), and CPG 229 (climate risk management), is non-negotiable. Institutions must embed compliance into every stage of the IT transformation process to ensure ongoing regulatory alignment.
- Maintaining security standards: High security must be maintained across both BAU operations and new technology initiatives. “Building a secure and trusted organisation” was the top priority for 2023, reinforcing the critical role security plays in any transformation effort.
- Developing flexible governance frameworks: Financial institutions need governance models that evolve with technological advancements while ensuring compliance. With “digital-ready skills” now a top investment priority, flexible governance frameworks are necessary to support both innovation and regulatory demands.
By addressing these core areas—managing the risks of new technologies, demonstrating the value of transformation, and maintaining a strong governance framework—Australian financial services can confidently pursue IT transformation while preserving the operational stability that is vital to their long-term success.
Conclusion
Balancing IT transformation with BAU operations is a unique challenge for Australian financial services organisations. This delicate balancing act requires a strategic approach that tackles regulatory demands, resource limitations, and the constant pressure to innovate in a fast-changing digital landscape. Organisations must close skill gaps, overcome internal resistance to change, and ensure seamless integration of new technologies. Simultaneously, they need to clearly demonstrate the value of transformation while maintaining strict governance and compliance standards.
To successfully manage these challenges, financial services organisations should consider the following strategies:
- Adopt flexible methods: Agile and iterative approaches to IT transformation, such as DevOps and microservices, enable organisations to adapt to regulatory shifts while driving innovation. This flexibility is essential for balancing BAU with transformative efforts.
- Leverage managed services: With 43% of organisations anticipating IT budget increases, managed services can help fill skill gaps, enhance security, and meet regulatory needs. This allows internal teams to concentrate on core business goals without sacrificing operational stability.
- Commit to continuous learning: Leadership development and staff upskilling remain critical in 2023. Promoting continuous education bridges the gap between compliance knowledge and technical expertise. As the rapid adoption of AI technologies accelerates—with 68% of Australian businesses already using AI and another 23% planning to implement it within the next year—this focus on learning becomes even more crucial.
- Approach cloud adoption strategically: With 37% of financial sector workloads now in the public cloud, careful cloud migration is essential. Addressing outdated security policies and managing cloud costs ensures that transformation doesn’t compromise stability or compliance.
- Build a strong security culture: Organisational culture plays a critical role in successful IT transformation. Building a robust security culture involves more than just deploying new technologies; it requires addressing mindset shifts, reducing fatigue, and fostering the right skills across the organisation.
By embracing these strategies, financial services organisations can successfully balance the competing demands of BAU and IT transformation. The path forward demands adaptability, strategic planning, and a holistic understanding of how technology drives business value while managing risks. Those who master this balance will lead the way in the evolving financial services space.