The Commonwealth Bank’s IT services expenses went back over $2 billion over the past year as cloud use and software costs increased, and the bank insourced more functions.
The bank reported a three percent - $66 million - rise in its IT expenses, which it said was partially “due to inflation and increasing software licensing and infrastructure costs, including growth in cloud computing volumes”.
IT expenses tend to hover around the $2 billion mark each year: this year they were $2.036 billion, compared to $1.967 billion and $2.046 billion in the years prior.
Within IT expenses, it was the “system development and support” line item where most of the increase is attributed.
In the past year, CBA was able to partially offset rising IT services costs with “productivity initiatives”, which it said included a “reduction in third-party service providers and contractors” engaged in technology work at the bank.
Still, insourcing some of this work increased staff costs, with the bank noting that “average FTE increased five percent primarily due to a reduced reliance on external vendors as we insource and enhance our IT and engineering capabilities”.
It goes on to explain that the “average number of FTE [staff] increased by 2125 or five percent - from 46,997 to 49,122” in the full year, which it attributed to insourcing, as well as to “enhancement of our IT and engineering capabilities including fraud and cyber security uplifts”.
Specifically in technology, the bank said it hired “over 1400 engineers and 219 technology graduates” in the financial year.
The bank did, however, make some recent changes that affected other parts of its IT workforce.
In terms of technology areas where it is spending money, CBA said it had “increased its focus on strengthening our capabilities and extending our leadership in digital, technology and customer-centric product offerings through the ongoing modernisation of our platforms and interfaces to provide integrated and personalised experiences for our customers”.
“The bank is also continuing to focus on initiatives to simplify and enhance our systems, automate and digitise processes, and uplift internal engineering capabilities.”
It specifically called out investments into improving “the resilience and simplicity of the bank’s IT infrastructure and data centres”; to its cyber security protections; and to technology upgrades in its branch network.
CBA recorded a five percent increase in net profit after tax (NPAT) for the year ended June 30 of almost $10.2 billion.
CPS 230 compliance
In its annual report [pdf], CBA indicated it is already “assessing and revising processes” to comply with CPS 230, a revised set of rules issued by the Australian Prudential Regulation Authority (APRA) around resilience and incident response.
As reported by iTnews last month, banks will have to renegotiate outsourced IT and cloud agreements in many cases to reflect the new expectations and requirements.
While the industry ostensibly has until mid-2025 to demonstrate compliance, the regulator has indicated it expects to see actions underway much sooner.
Cyber and tech strategy attention
CBA chair Paul O’Malley said in the annual report that the bank underwent “two external reviews” of its cyber security and participated in a ‘Technology Resilience Prudential Review’ last year, “where there were no adverse findings specific to cyber security for CBA”.
The bank also said that its data, cloud and technology strategies all gained board-level attention in the financial year.
Unsurprisingly, the board took a keen interest in artificial intelligence, in no small part because the bank’s partnership with H2O.ai is driving the technology into all parts of CBA’s operations.