As a global leader in the regulatory reporting space, Regnology understands that technological stability is vital to a safe and sustainable financial future. We’ve prioritized creating a comprehensive framework to protect our clients from potential vulnerabilities, help them manage their data in the safest environment and achieve the highest security levels for our RegTech and SupTech solutions.


Upholding this commitment requires adherence to proper standards and processes for security information management. Recently, our Rcloud platform completed its System and Organization Controls Type 2 (SOC 2) certification – the highest set of international information security standards. This certification, combined with our ongoing ISO/IEC 27001 and ISO/IEC 22301 compliance, gives us a stable foundation to support innovation and provide solutions to pressing regulatory challenges.  

As we continue to expand globally – in North America and APAC, in particular – these certifications demonstrate our commitment to the safety, security and privacy of existing clients and new prospects alike. While these measures apply to all of Regnology’s products and services, they are of particular importance for Rcloud, which we launched in partnership with Google Cloud in 2022.

In conversation with Antoine Moreau

Read on as Antoine Moreau, CIO of Regnology, shares more on Rcloud’s end-to-end security architecture, our ongoing collaboration with Google Cloud and more.  

Let’s start with the basics.
What is Rcloud and what is the collaboration like between Regnology and Google Cloud?


A state-of-the-art cloud platform, Rcloud provides augmented regulatory reporting capabilities that bring greater efficiency, scalability and security across all of Regnology’s solutions. Rcloud enables seamless delivery of cloud native software, deployment/configuration and operations through a fully aligned, one-stop service offering. Leveraging the power of Google Cloud’s infrastructure, Rcloud addresses the challenges our clients face due to higher data quality standards, increased reporting volumes and frequent regulatory changes.

Rcloud is equipped with streamlined platform operations powered by container orchestration, infrastructure-as-code and an easy-to-use UI. These features enable self-service planning and execution of deployments, software configuration and workflow automation. Additionally, a combination of vertical and horizontal scaling helps clients to flexibly start, suspend and shut down instances on demand. By accessing Regnology’s services via Rcloud, clients immediately benefit from our most recent innovations and technological developments. 

Tell us how Regnology and Google work together to ensure comprehensive security within Rcloud.


Rcloud leverages a shared responsibility model to ensure security, also called “Shared Fate”. As an infrastructure and service provider, Google Cloud acts as a sub-processer of Regnology’s customer data and must make assurance reports and certifications. It must also deliver disaster recovery solutions, monitored infrastructure within SLOs and a high level of data center security.

On the flipside, Regnology acts as a processor of personal data as instructed by its clients. Our team is responsible for the secure development and operation of our SaaS solution, which enables full compliance and effective isolation of client instances. It’s also on us to implement some of the architectural best practices mapped out by industry standards, including business continuity and disaster recovery.

Regnology’s partnership with Google Cloud is a case study in dedication to security compliance, ensuring the safety and privacy of our clients’ highly sensitive data.

Antoine Moreau CIO

These best practices have resulted in compliance with industry standards such as ISO/IEC 27001 and SOC 2.
Tell us more about how Regnology and Google Cloud work together to achieve those certifications.


Regnology’s partnership with Google Cloud is a case study in dedication to security compliance, ensuring the safety and privacy of our clients’ highly sensitive data. Google Cloud’s IT architecture and processes are certified with all relevant industry requirements – including ISO/IEC 27001 and SOC 1,2 and 3 – and offer robust encryption capabilities.

Google Cloud creates and shares mappings of industry-leading security and privacy controls with standards from around the world. It also consistently undergoes independent verification to help demonstrate full compliance. This range of regularly updated and publicly viewable certifications cements Rcloud’s position as the ideal solution suite for financial institutions looking to simplify, scale and create efficiencies in the regulatory reporting process.

What are some of the most important infrastructure security capabilities or controls available via Rcloud?


Google Cloud’s core system architecture was built to provide defense in depth, at scale and by default. It enforces strict separation between administrative tools and different development stages of the client environment. Google’s Kubernetes – the base platform for Rcloud – can be deployed in a single or multiple regions across multiple availability zones.

Google’s Cloud Armor function scans external traffic with a Web Application Firewall. If suspicious network traffic or a change in standard network patterns is detected, it will block the offending traffic and trigger an alert. When it comes to identity and access management, Google Cloud has robust authentication capabilities, validating each user against their internal data source. This enables clients to retain full control over their user access authentication.

By minimizing data storage and only using essential information for role-based access control, Rcloud significantly reduces the potential impact of data breaches. This ensures a robust, privacy-respecting environment that both maintains functionality and fosters user trust.

What are some key features and benefits of Google Cloud’s data security?


Rcloud affords clients the ability to have their dedicated Kubernetes clusters referred to as a “space” – a self-contained, isolated environment that provides a distinct layer of security and autonomy, unlocking the ability to tailor resources and configurations to the client’s specific needs. This arrangement enables robust, scalable application deployment and management within the space.

Rcloud also leverages detection capabilities from Google Cloud Security Command Center (SCC), a cloud native security solution that monitors nearly everything in the environment, enabling the Regnology team to detect, investigate and respond rapidly to security threats. This results in reduced risk, improved compliance and simplified security operations.

Explore our Rcloud solution

A state-of-the-art cloud platform

Leveraging Google Cloud’s infrastructure, the Rcloud platform addresses the challenges you face due to higher data quality standards, increased reporting volumes and more frequent regulatory changes.

Learn more

You might also be interested in

  • IRRBB – Impact on the regulatory reporting landscape


    IRRBB – Impact on the regulatory reporting landscape

    Learn about the intricate connections and interdependencies between IRRBB reporting requirements and other regulatory domains.

    Read more
  • Empower your organization with a fully streamlined end-to-end IRRBB and Liquidity Risk Management solution


    Empower your organization with a fully streamlined end-to-end IRRBB and Liquidity Risk Management solution

    Find out more about SS&C Algorithmics and Regnology's joint solution focused on IRRBB calculation and reporting.

    Read more
  • Interest Rate Risk in the Banking Book (IRRBB)


    Interest Rate Risk in the Banking Book (IRRBB)

    Learn more about what the EBA's new reporting requirements for the IRRBB entail for financial institutions.

    Read more

Contact us