The cloud provider and industry utility have jointly released a prototype and guidelines for building resilient financial services applications.
Amazon Web Services (AWS) and the Depository Trust and Clearing Corp. (DTCC) have developed and released a technical framework, a set of best practices, and a reference implementation for building resilient financial applications. The work comes as part of an ongoing series of resiliency-focused whitepapers that DTCC has issued since 2019.
Related: A closer look at designing highly resilient financial services applications
The latest report details how to embed resiliency into applications through the development and consumption of reusable components and capabilities, and enable applications to operationally rotate between datacenter regions and run in each region for an extended period. The DTCC and AWS developed two resilient reference applications—for basic settlement and trade matching—with the code available for free on GitHub.
In 2019, the DTCC released the white paper—Resilience First—which laid out the organization’s broad thinking around resiliency and outlined possible disaster scenarios, including pandemics. A follow-up paper—titled The Power of Technology Resilience—focused on what capabilities are needed by firms to build resiliency into their infrastructures. This newest release provides application code, automation runbooks, and a monitoring dashboard all for use in the AWS environment.
The consultations—with more to come—are the DTCC’s attempt to inform the industry on its resiliency approach, with the hope that it offers some benefit, says Neelesh Prabhu, DTCC’s managing director of architecture and enterprise services and chief architect of information technology.
He outlines the guiding principles that underscore the DTCC’s approach, which are: building auto-correct capabilities during failures; regional availability; multi-regional efficiency; and testing and monitoring.
“The most interesting part of this was the multi-regional aspect. How do you rotate applications across regions and resume processing unimpeded? That’s what we spent a lot of time with AWS on,” Prabhu tells WatersTechnology.
DTCC’s requirements for the disaster recovery mechanism of critical applications include a recovery time objective of fewer than two hours and a recovery point objective of fewer than 30 seconds. This means that if a significant regional availability event impacts the trade matching or settlement applications, DTCC must demonstrate to internal and external risk management entities that it can recover service in an alternate region within that time and that messages older than 30 seconds will be processed after failover to the alternate region, the authors wrote in the white paper.
Jim Fanning, US director of global financial services at AWS, says that as an infrastructure provider to financial services firms, clients are asking for prescriptive guidance when it comes to resiliency and high availability. And AWS’ suite of services—this latest reference implementation makes use of tools such as Route 53 Application Recovery Controller, CloudWatch, HealthCheck API, Systems Manager, and SDK for Python (boto3), among others—can serve as building blocks.
“Building blocks are great because you can build anything. If I dumped a bunch of blocks out on the floor and said, ‘Build me a house,’ you could build 1,000 beautiful houses. But for regulated customers, especially in financial services, what we’ve been hearing more frequently is, ‘Tell me how I can build my house,’” Fanning says.
Encroachment or optionality?
The journey to the cloud has been an arduous exercise in increasing risk appetites within financial services.
Toward the end of 2021, the EDM Council, a trade association for data management and analytics, partnered with the Fintech Open Source Foundation (Finos) to develop an open-source suite for accelerating financial cloud compliance, called the Cloud Data Management Capabilities (CDMC) framework.
The work sought to establish a comprehensive set of standard guidelines for financial firms and other industries as they move their data into the cloud, and it counts the likes of AWS, Google, IBM and Microsoft as partners.
In its Q2 earnings this year, Amazon recorded 12% year-on-year revenue growth to $22.1 billion for its AWS cloud computing business. The business managed to add new customers and workloads despite seeing some users focus on cost-cutting due to geopolitical concerns, new sanctions, and compliance burdens. At the time, Andy Jassy, Amazon’s CEO, said he was still “very bullish” on the growth of AWS over the next several years.
The sentiment aligns with the growing perception that the major cloud providers—AWS, Google, Microsoft, and IBM—are coming for financial firms’ and fintechs’ toys. A number of systemically important financial firms, such as the DTCC, CME, Nasdaq, Cboe Global Markets, Deutsche Börse, and the Australian Securities Exchange, have each inked major, long-term deals with at least one cloud provider.
As Big Tech companies entrench themselves as the infrastructure providers of choice for capital markets firms, regulators are taking notice, and new rules and regulations are likely to follow as cloud, and now generative AI, fundamentally change long-held industry workflows and mindsets.
Fanning, for his part, says he doesn’t believe the role of Big Tech firms—cloud service providers and infrastructure providers—has changed.
“I wouldn’t call it an encroachment—I would say it’s about optionality,” he says.
DTCC’s Prabhu agrees, adding that financial firms have historically had—and retain—a lot of in-house talent, but third-party partners have also always been part of the equation.
“There’s certainly been a change in terms of who we are working with over time, but it is more about how we are putting those services together to deliver value to our customers. And I think from our perspective, when we can add value to our customers—be it in terms of efficiency, speed to market, enhanced resiliency—all of that is value accretive to the ecosystem,” Prabhu says.
This article was originally published to WatersTechnology on November 20, 2023.