For Compliance, Look Up
Now that cloud has established a reputation for security and resilience, could it be the platform for a 21st-century regulatory framework?
Although banks have for many years used cloud technology for peripheral applications such as CRM and HR systems, use of the cloud for core banking has been held back by security fears. Regulators have been concerned that banks’ growing reliance on external services managed by a handful of ‘Big Tech’ companies could concentrate cyber risk, as well as putting data beyond supervisory oversight. As recently as April 2019, EU supervisory authorities published a report recommending new regulation for the cloud services that financial firms depend on .
Security and reliability
However, some critical infrastructure operators have moved their operations to the cloud, citing its security, lower cost and greater sophistication . And around the world, regulators have developed and updated guidance on the use of the cloud in financial services, which recognizes both the inevitability and the benefits of the technology. Given the vast resources, sophistication and data-handling power of the Big Techs’ cloud services, it seems inconceivable today that a bank’s own on-premise system could match them for security and reliability. Today, from a regulatory perspective, the balance of technology risk is tilted in favour of the ‘hyperscalers’.
Delivering what regulators want
From a supervisory perspective, cloud is the pathway to a financial services landscape that regulators are actively promoting. It’s essential to Open Banking, which opens up the market to competition at the same time as enabling banks to break down their value propositions and monetise them through APIs. An example of this would be offering SaaS options to customers, such as KYC as a service.
Together with Open Banking, cloud will create more customer-centricity and better user experiences, as open APIs integrate banking services into different applications. It’s a spur for the competition and innovation that regulators are keen to promote in the industry.
Wider availability of data over the cloud also opens up possibilities such as more accurate risk assessments, driven by SaaS-based AI analysis of data that was previously impossible to interrogate in one place. Cloud can also make possible more accurate and holistic credit scoring, potentially stimulating sectors such as microfinance, which in turn can raise levels of financial inclusion. For cloud technology, it’s a happy coincidence that the capabilities it enables – competition, innovation, risk management, financial inclusion – are also the key concerns of regulators worldwide.
In developing countries that may not have the infrastructure and data centres that modern banking needs, cloud offers an instant solution – as long as regulators are comfortable with domestic data being held overseas. In the Philippines, for example, the Central Bank has issued guidance that gives banks the right to run services in the cloud and use offshore services.
‘Cloud-native’ regulation?
So as the cloud becomes adopted as the platform of choice for financial services, will it also be the place where regulation resides? Certainly, it makes a global approach to compliance more feasible at a time when there is regulatory convergence on a global scale. Compliance with the EU’s GDPR rules, for example, is easier to manage on the cloud.
While it’s a fast-evolving area both in terms of technology and supervisory response, the cloud is redefining what’s possible in financial regulation, which has up to now been rooted in the analogue world. If it evolves, there is potential for data-driven, ‘cloud native’ regulation that will stimulate rather than hinder the market.