Why cloud is the next step for financial regulation: 3 key considerations

Many financial regulators have been reluctant to incorporate cloud. Cloud has been seen as less secure, or more at risk of tampering or errors. However, we’ve seen that the cloud provides not just security, but accuracy and efficiency too.  

What is cloud in the context of financial regulation? 

The financial services sector is making a significant investment in cloud. A recent Cloud Security Alliance report found 91% of financial services organisations are actively using cloud services or planning to employ them within six to nine months. That number has doubled in the space of four years. 

According to the European Central Bank, bank spending on cloud computing increased by 50% between 2018 and 2019. Reuters recently published IDC figures predicting that spending on cloud services by banks will more than double from $32.1bn in 2020 to $85bn in 2025. 

This shift to cloud has significant benefits for financial regulators and regulatory technology (RegTech). Financial regulators have the capability to integrate a variety of systems using a cloud-based secure data exchange to view and analyse financial metrics and measure risk in real-time. 

Cloud-based technology allows regulators and financial services organisations to automate the interpretation of financial compliance using artificial intelligence. This enables data to be monitored to identify risks and potential areas of non-compliance much faster. 

What can financial services learn from other sectors incorporating cloud-based systems? 

Concerns over resilience, data integrity, security and risk management have made the financial services sector more reluctant than others to adopt cloud-based systems. But the adoption of cloud by other sectors has provided clear evidence of its benefits. Cloud-based systems bring greater agility, scalability, automation, cost benefits, flexibility, adaptability, and collaboration. 

Using cloud-based systems, organisations with separate and diverse systems can access a common platform to share, exchange and analyse data in a rapid, effective, secure and robust manner. 

What are the benefits of implementing cloud technology for financial regulators? 

• Seamlessly integrate disparate systems 
• Real-time communications and flow of data 
• Instantly view and analyse risk, with real-time data 
• Better ability to keep up with evolving regulatory landscape 
• Scalability of processes 
• Better understanding of increasingly complex data requirements 
• There is less physical infrastructure - such as servers, or other physical equipment - required. 

That sounds good. Are there any downsides? 

The challenges for cloud in the financial regulatory sphere are magnified versions of those it has faced in other sectors. Security, resilience, data backup and recovery, data integrity, management and responsibility for risk are common concerns for those adopting cloud-based technology. In many sectors, those issues have been assuaged or mitigated. 

Operational resilience is a significant issue, particularly regarding the “shared responsibility” model that operates between a cloud service provider and a financial services organisation. Simply put, cloud providers assume responsibility for the infrastructure while financial services firms are accountable for the data storage and processing, as well as the security of that data. But regulators expect financial services organisations to retain full responsibility for all activities they outsource to the cloud. 

Allied to this is the concentration of cloud services in a small number of providers and the potentially crippling effects an outage or cyber-attack could have. Bank of England Governor, Andrew Bailey recently argued the “increasing reliance on a small number of CSPs (cloud service providers) and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide”. He warned that “additional policy measures to mitigate financial stability risks in this area are needed”. 

Nevertheless, there appears to be an unstoppable momentum in the direction of cloud in the financial services sector. Financial regulators will need to keep pace with that shift to ensure financial services firms manage the transition to cloud effectively and reap the benefits it brings for them and for regulation. The future is through the cloud.