The following article was originally published in the August 2018 edition of IBS Journal by Alex Hamilton, Senior Fintech Reporter.
Keep Calm and Cloud On
Cloud banking is swiftly becoming a must-have, even for the biggest banks. Yet, with legacy tech, painful go-lives and pitfalls a-plenty, how can they navigate this brave new world and emerge into clear blue skies?
In last year’s cloud issue, we opined that while buzzwords like bitcoin and blockchain stole the headlines, cloud got on with “business as usual”. Now, with artificial intelligence, machine learning and Open Banking taking up much of the agenda, it’s not hard to assume the same. The industry is now infiltrated with fresh banking players, all based on outsourced systems.
The three public cloud behemoths, Microsoft, IBM and SAP – who correctly worked out which way the wind was blowing – posted a combined $13 billion in calendar-Q2 cloud revenue, led by Microsoft’s particularly striking commercial cloud growth rate of 53%.
The ubiquity of the solution has meant that the European Banking Authority issued a report warning against so much widespread adoption. “A number of institutions have already been using cloud computing for non-core activities, such as customer relationship management, while some other smaller institutions are exploring the possibility of transferring entire core services to the cloud,” it wrote.
“[Risk] could be also considered important, not only from the point of view of individual institutions but also at an industry or systemic level, as large suppliers of cloud services could become a single point of failure should many institutions rely on them. Additionally, a possible impact on the wider operational risk could arise from issues with data security, systems and banking secrecy, especially when cloud services are hosted in jurisdictions subject to different laws and regulations from the institution.”
While banks’ usage of the cloud might be worrying regulators in Europe and the US, legacy technology is making its own grand effort to give authorities a headache. UK bank TSB suffered a catastrophic failure of its IT systems halfway through a switch from its legacy platform, resulting in a damaging reputational hit, as well as millions lost in compensation.
At the time of writing, IBM, which had been contracted to investigate the problem, is still trying to ascertain the cause of the meltdown.
I want it all, and I want it now
Netflix, Hulu, Amazon Prime, Spotify and other music/video streaming services have played an integral part in the lives of millennials and the generation behind them, Generation Z. It’s not only the younger stratas of society that are becoming used to and are increasingly demanding streamable services. You can get your films, music and television delivered directly to you, so why can’t you do the same with your bank? Millennials and Gen-Z are not just customers, however. They’re on the inside as tellers, loan officers or, perhaps, low-level managers. In another decade or two, though, some may be the best candidates for CEO. There will soon be a sea-change in attitudes towards new and innovative technologies. What the CEO says usually goes, so a bank must be prepared across its entire technology stack to change at the drop of a hat.
In a world in which Amazon is partnering with Bank of America and making its own furtive first steps into the banking arena, institutions must know that the industry landscape is at a crucial turning point, where being ready to tackle the future will be paramount. Yet, especially in the US, things seem to be moving a little slower than you would expect. A survey from ABA found that 29% of bankers in the country would ‘consider’ cloud, 50% were ‘unsure’ and 21% said it was something they had no intention of implementing.
“A major factor inhibiting financial institutions from changing to cloud-based technology is a lack of understanding. Therefore, we strive to educate them on the many benefits that come along with it,” says David Mitchell, president at cloud technology vendor Nymbus.
“Rather than simply telling financial institutions to move to the cloud, much of 2016 and 2017 were spent having conversations around what it means to be hosted on a private cloud and the numerous benefits that come along with it. Also, many banks and credit unions had not yet realised the urgency in going through a digital transformation. Even today, we continue to have conversations to help them understand that such a transformation is critical to their ultimate survival.”
A secondary result of a lack of understanding are worries about data security. Commercial cloud storage systems encode each user’s data with a specific encryption key. Without it, the files look like gibberish – rather than meaningful data.
But who has the key? It can be stored either by the service itself, or by individual users. Most vendors keep the key themselves, letting their systems see and process user data, such as indexing data for future searches. These services also access the key when a user logs in with a password, unlocking the data so the person can use it.
This is much more convenient than having users keep the keys themselves. On the other hand, it’s also less secure: just like regular keys, if someone else has them, they might be stolen or misused without the data owner knowing.
When it comes to public, private, and hybrid cloud solutions, the possibility of compromised information creates tremendous angst. Organisations expect third-party providers to manage the cloud infrastructure, but are often uneasy about granting them visibility into sensitive data.
Overall, there is reticence to move PII and sensitive tier one information to public clouds, such as a banks’ financial statements and results. Over half of interviewees in a ActiveViam survey felt that tier one data and PII should not be prioritised for public clouds. This might not sound surprising, considering the regulatory and reputational issues involved.
The dangers posed by data leaks and general compliance challenges, including GDPR, are still defined as the biggest threats preventing public cloud migration, with more than half of interviewees stating compliance as their major worry. If there is a data breach and unencrypted PII should leak, local data protection regulators need to determine where the fault lies: at the bank, the vendor or the vendor’s subcontractors. With GDPR coming into force, there is just as much penalty emphasis on the vendor (the ‘data processor’) as there is on the bank (the ‘data controller’).
For its part, Nymbus deploys a private cloud for each of its clients. According to Mitchell, this means that compliance becomes “significantly easier, faster and cheaper to achieve”. He adds that unlike the public cloud, the private cloud allows hardware performance, network performance and storage performance to be specified and customised to each institution’s business needs. This provides a level of customisation institutions aren’t experiencing today. The private cloud also offers the ability to hybridise virtual servers and dedicated servers; if an institution requires custom or dedicated servers to run custom applications, that hardware can be integrated into their private cloud.
“Upgrades and maintenance also become much easier,” he says. “In the public cloud, institutions lose control of schedules and are forced into the timeframes of the cloud provider. With the private cloud, Nymbus can work with each institution to define upgrade and maintenance windows to minimise disruption to its business. Other benefits and efficiencies gained from cloud core technology include unlimited data storage and the elimination of all hardware.”
Making the change
With cloud becoming increasingly ubiquitous, and with customers pressing banks to offer more agile, intuitive and modern services, how can a bank – whether a small community institution or million-customer player – make that crucial move? “Today’s radically different consumer demands and expectations threaten to reduce financial institutions to low-margin utilities, further distancing them from owning the consumer relationship,” says Mitchell. “To avoid this, financial institutions are beginning to realise the new reality and the significant problems they are facing, and the steps that must be taken to overcome them; changing to cloud-based technology is that first step.
“In order to make a change, it’s important to start by obtaining as much information as possible. Financial institutions that have realised the need for cloud-based technology should immerse themselves in what’s changing/trending in the industry. This includes reading news sources to stay up-to-date and having conversations with new players in the market. Even if they are not going to pursue those opportunities, having educational conversations is a great way to get to know what options they have when they’re finally ready to transition.”
The selection of proper partners is another major step in ensuring a smooth transition. “I firmly believe in the power of building meaningful relationships in business, and I have a team who believes in the same,” says Mitchell. “We put our clients and prospects at the heart of everything we do and we always act with honesty and integrity. We also stress the importance of communication and being transparent. Not only does it make the entire experience better for both parties, but it also creates the foundation needed to be successful.
“A smooth implementation is also dependent on having the right people in place at the financial institution. Equally important is providing those people with the right tools. Having strong leadership and a team that can adapt to the technology change is critical to their success. They must also ditch the mindset of ‘this is the way it’s always been done’. Having training materials in place and a developed implementation plan will provide them with the resources they need to succeed.”
Too big to innovate?
Surely there are many tier 1 banks that would like nothing more than to switch their Core Banking systems. But when a Core Banking switch comes fraught with danger, will they ever pull the trigger? “The cloud is a business asset no modern bank can afford to bypass,” says Mitchell. “Sure, there is a level of risk, but that stands for any sized bank. It has become clear that any financial institution relying on a legacy infrastructure cannot compete against faster and more innovative digital competitors.
“Cloud-based cores make it possible for financial institutions to accelerate their growth unlike ever before. Modernising their existing technology environments enables them to automate operations and workflows, resulting in increased efficiency and cost savings. With the right digital partner, these organisations are set up to rapidly respond to new digital products and services for serving their current and future consumers.”
So, when our special on cloud rolls around in 2019, will we be writing about the same trends, the same “keep calm and upgrade to cloud” undercurrent? Mitchell thinks there will be “a lot of movement” when it comes to banks shifting from their legacy systems to cloud-based, digital-first solutions. “More institutions are becoming aware of the urgency to implement modern software and partnering with fintech companies to fuel their success,” he says. “I believe there will only be greater momentum by summer 2019 as more financial institutions explore alternative solutions and realise the power of the cloud.”
Findings in a ActiveViam survey seem to indicate as much. Budgets are increasing by up to 70% in the next two years to cope with then initial spin-up fees. On the whole, respondents believe IT budgets for public cloud projects will rise by 6% to 10% in the next two years. 55% of respondents are already using public cloud services, or are aware of public cloud services being used by another line of business in the bank. On top of that, 64% of respondents intend to migrate certain systems to public clouds in the next two years, or are aware of their banking clients doing so.
Banking and financial services is known as a risk-averse sector, and there can’t be much blame leveled at CTOs and CEOs for that reputation. Trying to keep control of reams of data, while also innovating for a service-hungry customer base is no easy task. Yet major questions about the implementation of cloud-based systems are starting to be answered, and we all know the waterfall effect technological change can have in an industry. Perhaps that tipping point, for Core Banking on the cloud at least, will occur in 2019.