Cloud-based applications are hardly a new concept. Nevertheless, financial institutions (FIs) such as banks, insurance companies, and other financial service providers were very skeptical about the cloud. The consequences of non-compliance and regulation violation have cost some major banks considerable penalties in recent years. That is why many banks felt that switching to cloud-based applications posed heightened risk.
Obstacles – both internal and external
But where does this uncertainty and scepticism come from? It may be due in part to the extensive data protection regulations and risk management requirements. For instance, FIs must answer the following questions when they use cloud-based applications:
- Where? In what country and community is my data physically located or can it be located from a contractual standpoint? How can I verify its location?
- Who? Which individuals access my data in a reading/writing/administrative capacity? What country do they work in? Cloud provider’s service provider?
- How? According to what workflows (development, operation, data management) are my data processed in the cloud? What key controls are integrated into these workflows?
- Are legal risks in data processing in European and non-European countries adequately managed (enforceability)?
In addition to regulatory issues, there are questions of service level, making it difficult for cloud providers and FIs to work together successfully. Cloud providers offer standard SLAs that usually do not meet FI expectations, which are 24/7 access and service in addition to the highest availability. But actual cloud service performance quality is far above the standard SLAs and thus clearly in line with financial service provider requirements.
Cloud services – untapped potential in the banking sector
A large number of long-established financial institutions are nevertheless currently undergoing far-reaching restructuring. One problem area is the high costs in the institutes. Using external cloud IT services could help. Here, two advantages of the cloud play a central role: (1) They can help to reduce costs, and (2) They help simplify processes and make company infrastructure more agile. In recent years, various FIs have therefore rapidly introduced cloud strategies. At present, it appears that very few FIs still have strict no-cloud policies.
The obvious question here is what FIs currently mean by cloud usage and cloud strategies. Using cloud technologies in an FI’s own data center to optimize its infrastructure platform is often considered a cloud strategy. But such a position ignores the fact that this does not reduce costs – the fixed cost share of IT is still high. The opportunity to reduce operating and maintenance costs and react more aggressively to current market changes remains unrealized.
In short, the actual potential of the cloud – cost reduction, agility, and the associated faster time-to-market – is currently untapped by the financial industry.
The way forward
The current low-interest environment and the increasing competitive pressure arising from FinTech’s innovations are currently playing a decisive role in ensuring that cloud providers and financial service providers move closer to each other. FI requirements are being revised, and cloud providers have adjusted their offerings. An example is that data centers have been set up in Germany in order to guarantee compliance with the data protection guidelines in question. This paves the way for the introduction of cloud-based applications.
But cloud-based applications are not being introduced in all business areas. For example, core banking systems and mission-critical applications remain locally installed. However, this attitude is changing as companies gain confidence in the performance and security of the cloud. Innovative RegTech and market data services are also expected to move into the cloud.