The hype is certainly out there, with news items almost
daily on how bank sector uptake of cloud based services is exponentially on the
increase and both banks and their clients reaping the benefits. In-country
regulatory guidelines are increasingly tolerant of banks’ use of the cloud,
albeit with certain caveats. Most recent was the Central Bank of the Philippines
in August, which followed South-East Asia’s exponent of cloud computing,
Singapore. While cloud computing is expected to consume only a fraction of the
US$180bn IT spend anticipated for the global banking sector this year, by 2015
some analysts estimate a US$26bn spend on cloud services. So the sector is
moving in the direction of the cloud, but at what point and for what
applications should a bank or corporate join in?
What is the
Before looking at the applicability of cloud computing for
bank/corporate integration, it is worth taking a step back and trying to define
what cloud computing really is. Other than the white fluffy airborne sort, you
won’t find clouds defined in any reputable dictionary, so the term is often
mis-used. Cloud computing is really an umbrella term used to refer to Internet
or other third-party based development and services, with attributes defining
cloud data, applications services and infrastructure that include:
- Remotely hosted: Services or data are hosted on remote infrastructure.
- Ubiquitous: Services or data are available from any geographical
- Commodified: Pay as you go/pay only as you use, with a
computing model similar to that of traditional utilities such as gas and
- Elastic: Can scale up and down as usage demands.
- Multi-Tenant: The same infrastructure is shared by multiple entities
(corporates and banks and their different branches and users in our case).
- Human Resource Efficient: In-house IT can be radically scaled down, as most
infrastructure is managed in the cloud.
Cloud computing therefore
covers both data storage and outsourced running of business applications –
so-called Software as a Service (SaaS) – in any manner as long as it is
off-site. Similarly, cloud computing can refer to a broad set of hosting
scenarios. These range from simply hosting one’s business application (e.g.
enterprise resource planning (ERP) system) with a third party on a single
unshared server to deploying across a geographically distributed service
accessed by many other enterprises and users with your data or application
sharing servers with others and residing anywhere in the world. The level of
service from the cloud provider may also vary, from full outsourcing where the
provider looks after every aspect of the application’s running to purely
providing a hosting infrastructure, which the user accesses remotely.
Despite media messages to the contrary, the banking
sector has been reluctant to fully embrace cloud services. Concerns centre on
several straightforward issues, including:
- Security and Privacy:
Who could access your data and interfere with your incoming and outgoing
- Service Levels: Guaranteed up-time and processing speed.
- Software Maintenance: Quality of software releases.
Compliance: Staying in-line with local jurisdiction requirements, such as where
- Loss of internal know-how: Increase in the amount of
control the cloud provider exercises in the running of mission critical
- Legacy migration: Cost of moving existing on-site run
applications into the cloud.
So while the above-listed attributes of
the cloud do bring clear benefits in some sectors, such as non-sensitive retail
applications that require large scale processing power or data storage
processing (for example, on-line video on demand), given the perceived risks,
banks and corporates continue to ask questions about the applicability of the
cloud in the finance sector. These questions are particularly relevant to
corporate channel banking integration, where the high value/volume external
transaction environment is especially susceptible to computer fraud.
The Wrong Kind of Cloud?
To answer those questions, and hopefully
disperse some of the surrounding fog, it is necessary to revisit, categorise and
refine the definition of cloud computing to establish how and when the cloud can
bring benefits to channel banking integration.
The most important
distinction to make is that between the ‘public’ and ‘private’ clouds. Public
clouds are shared, often geographically distributed services that should only be
used for a limited range of banking IT functions. They are often offered by the
giants of the Internet, such as online retailer Amazon with its EC2 elastic
compute cloud. These public clouds often provide enormous computing power at
fractional cost, so are useful for speeding up resource heavy processes. One
recent case study showed a bank that outsourced its Monte Carlo risk
calculations to EC2, completing a run that had taken 20 hours in just 20
However, core processes, such as channel banking
integration, do not lend themselves to public cloud services, and indeed would
likely be rejected by most regulators.
Private clouds, on the other
hand, can and do bring benefits. A private cloud operates in a known
geographical location or locations and is more likely to offer guaranteed
services levels. A further consideration is ‘supply chain transparency’, where
both the service provider operating the data centres and the suppliers that work
with that provider are known to the bank. In some regulatory jurisdictions (such
as Luxembourg where my company B2 Group has its data centres and cloud
offering), all suppliers to the cloud operator must also be financially
regulated. My first hand experience providing banks and corporates with cloud
based services for client on-boarding and automated channel integration (as the
B2 Group does to an international clientele) is that anything other than a
heavily-regulated private cloud offering would be rejected by corporate, bank
and regulator alike.
Emerging markets, with less legacy
infrastructure and without the facilities of richer territories, also find the
benefits of cloud services tempting, with Microsoft already forecasting that
Africa will lead the way in financial sector use of the cloud. However, just as
with their northern hemisphere counterparts, Africa’s regulators insist on
mission critical functions being controlled.
For example, South
Africa’s Protection of Personal Information (PPI) Act impacts on any
organisation which processes personal information of third parties, precluding
the use of the more public types of cloud service. India’s Confederation of
Indian Industry (CII), is more cautious, and in its latest report with PwC says
that banks would need to institute “fundamental technological changes” to adopt
new technology such as cloud computing, SaaS, social media and green IT
ventures. However, consulting and research firm Gartner predicted back in 2012
that nearly 20% of companies worldwide would not ‘own’ IT assets, with
India-based companies expected to represent 20% of the leading cloud aggregators
globally. Corporates may well lead the way in some markets.
suitability of software to run in a cloud environment is also critical.
Applications must be built for ease of maintenance and remote deployment,
otherwise maintenance will be higher than it would for an on-site application
and wipe out the cost benefits of using the cloud. Some software lends itself
to remote installation, other software does not.
Banks and corporate
treasurers seeking to benefit from cost reductions and simplicity of processing
are not, therefore, faced with the question “Should I use the cloud?” Rather,
the question to ask is: “What sort of cloud service should I use for which of my
business processes supported by which particular software components and in
which particular territories and markets?”
Cloud computing is
certainly here to stay and on the increase, but the level of uptake and benefits
gained by banks and corporates for critical functions such as channel banking
remains to be seen. Much will depend on informed choices to overcome very
sensible misgivings regarding what can be viewed as both a leap forward in cost
reduction and operational efficiency and a leap backwards, if left uncontrolled,
in security and service levels.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Despite all the automation and improvements that digital banking has the potential to achieve, customers and their needs still form the very core of the banking sector.
Banks might feel justified in victim blaming when fraud occurs, but it does little for customer confidence.