Robert Palatnick, DTCC Managing Director and Chief Technology Architect
Amid the current fintech revolution, it’s very possible that the most impactful technology is the one that’s been around the longest – cloud computing. The cloud has reached the point where it can challenge long-held justifications for building and/or maintaining individually owned and managed data centers. However, unresolved issues around regulatory compliance related to cloud adoption still persist.
In what may turn out to be one of the biggest ironies of the current fintech revolution, it’s very possible that the most impactful technology is the one that’s been around the longest – cloud computing.
While new technologies such as distributed ledgers, artificial intelligence and robotics will fundamentally alter many aspects of the financial sector, the cloud has the potential to be transformative in terms of performance, cost savings, risk management and efficiency thanks to its maturation in recent years. Today, cloud computing has reached the point where it can challenge long-held justifications for building and/or maintaining individually owned and managed data centers. This is evident in the number of financial firms turning to the cloud to house core processes and reinforced by a 2016 report from Deutsche Bank that projects public cloud adoption among banks will grow more than 30% over the next three years.
On the issue of cost alone, cloud technology virtually eliminates expenses for physical hardware, software licenses, IT management and the significant, ongoing investment that is required to build and maintain a private data center. The cloud also enables users to test virtually any new software tool instantly and gather immediate results on its effectiveness, thereby eliminating the lengthy purchasing and provisioning cycle that can slow down innovation.
While these benefits alone make a good case for expanded cloud adoption, its security features, particularly related to cyber, far surpass the capabilities in private data centers. Cloud-based cybersecurity supports enhanced collaboration and collective learning which, in turn, supports intelligence gathering and threat modeling – a key building block of a resilient cybersecurity program. Potential cybersecurity-related cost reductions further reinforce the value of cloud computing.
Financial regulators globally have begun to recognize the appropriateness of leveraging the cloud as long as mandates and compliance obligations are met, including those related to data protection, data integrity, resiliency and auditing. In addition, a decade-long maturing of cloud services, along with the active engagement of many regulatory and security experts, have produced an abundance of guidance for cloud implementations, including best practices around due diligence, risk assessments, compliance and continuous monitoring.
However, unresolved issues around regulatory compliance related to cloud adoption still persist. According to a report by the Cloud Security Alliance, 71% of respondents cited “regulatory restrictions” as a reason for not adopting cloud technology. While most firms understand that their usage of the cloud must align with current mandates and requirements, some are finding compliance to be challenging given the volume of non-harmonized regulatory guidance around the matter.
For many financial firms, interpreting and complying with the myriad of rules and regulations represents a significant expense – even after these costs are off-set with reduced fees and enhanced cyber and operational benefits. DTCC continues to champion the need for harmonization of global mandates and best practices to help reduce non-compliance risk and costs associated with meeting multiple and sometimes conflicting regulations.
Historically, DTCC’s core platforms and systems have been hosted in our own private data centers – an approach that was essential given our systemic importance to the financial industry. However, advancements in cloud technology are now enabling us to expand our solutions delivery capability to externally hosted platforms, including the use of public cloud vendors for certain processes. In fact, we are currently re-platforming our derivatives life-cycle processing to a cloud-based system that will leverage distributed ledger technology.
There are several keys to a successful cloud computing strategy, but atop the list is the need to foster collaboration across regulatory jurisdictions and key industry stakeholders. Our collective goal should be to ensure that cloud computing policies satisfy regulatory mandates and compliance obligations while also meeting the users individual cost and risk management objectives.
This article first appeared in TabbFORUM on October 24, 2017.