The Bank of England (BoE) has called on financial services to "embrace cloud technologies” in a key report on the “Future of Finance”.
The BoE has raised concerns that financial institutions are slower at adopting the public cloud than other industries. This, the BoE argues, can be explained by cautious regulators, management teams taking time to gain trust and visualise use cases, as well as the cost of migrating systems.
However, with providers such as AWS underpinning the IT systems of companies like Monzo, Coinbase or Stripe and JP Morgan’s recent blockchain partnership with Microsoft Azure, the financial world is arguably already welcoming cloud computing.
Conservative estimates reported by McKinsey have placed a combination of software as a service (SaaS) and public cloud as hosting at least 40% of banks’ workloads globally within the decade. With cloud computing set to perform a critical function within finance infrastructure, we briefly note the BoE’s comments on the potential benefits to the finance industry, as well as the challenges on the horizon.
Opportunities
Current cloud infrastructure presents a series of advantages as identified within the report, such as:
- Quality: externally maintained cloud systems by dedicated providers are often beyond their in-house equivalents in terms of power, security and service maintenance.
- Speed: data analysis tools allow firms to examine and respond to customer demand and relevant trends quickly.
- Value: the report cites research that cloud computing may reduce IT infrastructure costs by between 30-50%, freeing up a businesses' funds for deployment elsewhere.
- Innovation: cloud technology provides flexible and agile infrastructure, reducing barriers to entry for small players who might not be able to invest in their own secure solutions. It offers ready-made platforms for early stage companies, including fintechs, to cut their time (and cost) to market.
Challenges
However, future challenges include:
- Cyber security and resilience: although their strength provides a deeper level of threat resilience than many companies would be able to source internally, external cloud services are not impenetrable (a recent example being the hack into Capital One’s cloud affecting more than 100 million of its customers). A combination of vendor concentration risk and the spread of reliance on these platforms for service delivery may increase the risk of a successful cyber-attack affecting a wider range of companies’ systems.
- Control: there are concerns that cloud infrastructure will reduce regulatory ability to scrutinise banks’ IT systems e.g. in relation to access and audit rights.
- Privacy: privacy, consent, data security and encryption of cloud services, as well as key questions surrounding liability in the event of a data breach or fair usage of the data, were noted by the BoE as critical areas where further evaluation is required.
- Regulatory: according to a Finastra survey cited by the report, 43% of UK firms stated that “complex regulatory requirements” were a key barrier to cloud uptake. Consequently, further clarity will be needed within this field. The BoE will be following up on their report in light of the concerns above, publishing a supervisory statement this year that “[describes] the PRA’s modernised policy framework on outsourcing arrangements” with a focus on cloud computing. Alongside the September implementation of EBA’s guidance on cloud outsourcing arrangements, this will hopefully broaden regulatory comprehension within the sector.
What next?
In its report, the BoE refers to the work of UK Finance to develop a series of practices that might enable cloud computing to scale in finance. The BoE concludes that, as part of this process for encouraging the adoption of cloud technologies, it should work with the private sector to help firms realise the benefits of public cloud usage without compromising resilience by:
- understanding and mapping concentration risks and interoperability, as well as building expertise within the BoE
- testing operational resilience, including to cyber-risk
- setting standards and guidelines for cloud usage, and
- collaborating with international regulators on a longer-term approach to cloud oversight.
Conclusion
On balance, whilst current progress in the uptake of cloud technologies in financial services may seem slow for some, the forecast ahead looks promising.
