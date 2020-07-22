Banking in the cloud consists of the largest, and most significantly regulated industry in the world, running on an entirely unregulated infrastructure, a CTO at one of London’s largest banks told Dr. Richard Harmon, managing director for financial services at Cloudera

Financial services lacks a holistic approach to cloud

Photo by Tom Groenfeldt

A great quote, said Harmon, but for job security reasons the CTO did not want his name associated with it. Harmon, who has written on the topic extensively was speaking at an online panel focused on data risk blind spots in financial services with Francis Gross, senior advisor to the European Central Bank and Tom Bingham and Suchitra Nair from Deloitte. The panel was organized by JWG Group, a consultancy which specializes in financial regulation.

“How a firm manages data is now intrinsic to its value, yet the FS risk management framework provides no way to account for IT obsolescence, cloud concentration and data risks on the balance sheet,” said JWG in its announcement. “New operational resilience obligations, 3rd party risk management guidelines and cloud registries are due soon. ESG could provide a path forwards, but only if we can agree e.g. Tech.”

Cloud in particular lacks standards for contracts, performance, exits and interoperability in multi-cloud implementations which are, increasingly popular for resilience, avoiding vendor lock-in and meeting regulator concerns. But they have their own challenges for keeping apps and data in synch.

The pandemic has sped up the move toward digitalization, panelists said, and it has also compelled regulators to become more flexible. But no one has a good overview of tech systems and systemic risks. Individual firms may know their own risk while regulators mostly are relying on outdated reports of the systems.

“If they are getting monthly snapshots there is no way they can actively engage,” Harmon said. Regulators would need more standardized information perhaps starting with the contracts that banks sign with cloud service providers (CSPs).

Harmon said Cloudera has a technology solution because it offer s big data platform with a massive footprint so it can provide a hybrid multi-cloud environment where a firm is not locked into a single CSP.

“Our technology enables that, being able to move data and apps across any environment —private cloud, on-prem and public cloud.”

Tom Bingham, partner, technology and digital risk at Deloitte said some firms have a real desire to move to cloud but can’t because of internal reluctance by key stakeholders, perhaps applying old ways of thinking about benefits and risks. A second group of financial firms is running full speed ahead and accelerating cloud adoption. The critical issues for those organizations is to ensure they are taking the right proportionate approach, such as being clear on exit strategies, do they have more than one cloud provider, can the swap between the two and have they approached their regulators?

Gross said the efforts are fragmented when the market needs a holistic approach.

“We should do data acquisition at scale, instead we are doing it on the scale of our silos. We need to regulate technology to make it scalable,” he said. “The stars are aligned well to move everyone in the right direction,” he said. “Every firm has a data strategy, every regulator has a data strategy, everyone does it himself.”

The cloud world in finance is driven from the bottom up by technology, said Gross. “It is not yet driven by a top down vision of the whole system. We need intelligent design from top down through a concerted effort of thinking, including philosophy.”

Cloud providers have a lot of redundancy built in, said Harmon, but the framework for cloud risk analysis lacks real deep system information.

