Complexity, Compliance, and the Cloud in Banking
The complexities facing a bank operating in multiple jurisdictions aiming to move to the cloud in order to able to close the books remotely; can’t be underestimated. This may mean working with 2–3 cloud providers, dealing with multiple outsourcing agreements, making sure all jurisdictional financial regulations, domain-specific regulations, and data regulations, are respected.
Add-on additional complexities facing such a bank, if they are looking to enable their data scientists to use all possible anonymized data on the cloud, via APIs, securely & in full compliance, in order to gain insights and develop new internal AI capabilities to serve their customers better.
Add-on additional complexities facing such a bank, if they are growing through Fintech partnerships in a few smaller European countries in order to offer niche services to those markets.
We get the picture of how complexity is mounting, as the digitalization of business-critical processes has moved away from just discussions in the Board room. Clearly, digitalization in financial services and cloud adoption across all business verticals is no more optional. The risks and complexities related to these transformations have come to the forefront.
Especially for financial institutions based in Europe with a diverse set of regulators with different missions, from the FCA in the UK to FINMA in Switzerland and all the other European Union regulators, the challenges are evident. This complexity is at its peak for Tier 1 global institutions operating in Singapore in the far East, in Europe, and in the US.
The European Banking Authority (EBA) is clear in terms of its guidelines on outsourcing arrangements with the cloud vendors supporting the acceleration of digitalization. The core challenge for banks actually lies in the fact that all the compliance requirements are risk-based and therefore each financial institution has to not only understand the risks but also decide with which risks they are comfortable with.
There is a long list of risk assessments around data locations and data sovereignty, around security issues regarding sub outsourcing, and on and on. Such decisions up until now were not that tough because they were not affecting the core of the business. However, in this current environment, mission-critical processes in banking are being moved to the cloud and are being automated. They are pulled out of development and test mode and are now business as usual. Therefore, all the issues around security, business continuity, concentration risks, compliance, are more important and with major ripple effects in the business.
In this current era, it would be useful to remind ourselves of the Icarus deception. The popular truncated message from the myth of Icarus is that `It is dangerous to fly high` and this has probably been the culture in the highly regulated financial services sector with regards to adopting tech innovation especially in mission-critical business areas. Now it is clear that Flying low is as risky. Financial institutions are moving through the digitalization funnel mission-critical processes, whether they are payments, core banking settlements of securities, credit analysis, or closing the books, etc.
The guidelines of the European Banking Authority (EBA) for these issues have been around for a while but of course, now they are increasingly relevant as more financial institutions are aiming to become cloud-native. In this context, cloud-native means moving mission-critical parts of the business and going beyond for example just moving HR processes to the cloud. What the European Banking Authority (EBA)is not responsible for is the actual implementation and the business decision around the flight planning parameters.
I reached out to Rik De Deyn focused on Financial Services at Oracle, who recently published a blog on how Banks benefit from using Oracle Cloud Infrastructure to address the EBA Guidelines on outsourcing arrangements to see how Oracle teams use their experience in financial services to assist their cloud customers with these complexities.
“When we work with financial institutions on compliance, we always put the customers’ needs first. Many financial customers are active in multiple jurisdictions, and they need to comply with several regulations. Similarly, with a fast-growing number of global cloud regions, we have built our cloud infrastructure for reliability, with a security-first approach and flexible deployment options to offer proximity and meet data sovereignty requirements.”
Financial institutions that are multijurisdictional have to deal with several standards for data formats, several cloud vendors, and several compliance frameworks. No wonder the European Cloud User Coalition (ECUC)[1] was launched this year to address these unavoidable complexities. The ECUC is established by top financial institutions like Commerzbank, ING, Deutsche Börse, and Euroclear. It complements the existing Gaia X European initiative whose aim is to develop common requirements for European data infrastructure.
The need for advice in this complex environment is ever-increasing and cloud providers are also joining this industry coalition to support with their experience.
The market is faced with the reality that financial institutions of a certain size are dealing with multiple cloud vendors, with several regulatory jurisdictions, and with an increasingly complex list of the guidelines that need to be followed in terms of securing business resilience through this technological transformation.
Cloud and its capabilities are like the wings of Icarus. The universal large financial institutions need to fly at a reasonable height, not too low, not too high, to survive and thrive in this new era. Determining the right flying altitude and pathway for each business requires a long-term collaboration with cloud vendors that understand these complexities. Successful implementations require to not only have business resilience in mind, but also the experience of implementing technologies in compliant and forward-looking ways. Compliant today and across all complex requirements, and also in a way that allows creating new services in the future and serving customers in new ways.
Oracle is my client, and this is a sponsored article.
[1] Euroclear announcement of the launch of ECUC
📌 Twitter: https://twitter.com/efipm
📌 Subscribe to my YouTube Channel with my insights and industry leader interviews. New video every Wednesday: https://www.youtube.com/EfiPylarinou
📌 Spotify Podcasts. Follow here: https://open.spotify.com/show/5bRkZEYHSwPiGx7vTqylw6?si=Mg3hN5PDQ86K10GjeK52jw
📌 Linkedin: https://www.linkedin.com/in/efipylarinou/
📌 Web: https://efipylarinou.com/
