Take me to...
The potential benefits of transformation to a cloud-first technology strategy are well understood, but in the financial services industry in particular they have been difficult to realize. Large banks have well documented challenges within their existing environments, with outages and data breaches creating global headlines. Regulators do not look kindly upon those whose legacy technology stacks fail to achieve the target uptime SLA that ensures citizens and businesses can transact and live their lives seamlessly in the new digital economy. Such is the regulatory scrutiny of cloud; some bodies are creating new guidance for banks, in an effort to support cloud adoption but maintain standards for risk documentation.
The internal approvals process for on-premises technology is a well-trodden path and like all innovations the shift to the cloud requires scrutiny from security and compliance teams (which sometimes include checks with regulators) and may include the mapping of controls from suppliers with the controls the security teams expected suppliers to meet.
Rising digital transactions, both payments and access to online or mobile banking services, are creating increasing pressure on creaking systems just to maintain baseline services. And this is before financial institutions begin to innovate and differentiate competitively. Added to this, rising digital transactions also mean rising fraud rates, which create further regulatory scrutiny, poor customer experience, and spiraling losses for the banks. Stability can no longer be guaranteed with the old school adage, “If it ain’t broke, don’t fix it”.
Inertia in the digital transformation of core services such as payments, is often a result of resource constraints. Historically, the Capital Expenditure (CAPEX) costs and the foresight and planning required along with long slow budget cycles to have new servers ready was no longer manageable with the rate of market change. Hardware costs and delays have worsened with pandemic supply chains. Although now, the biggest challenge for technology leaders is staffing their teams with technical expertise suited to cloud environments and supporting their cloud-first technology strategy.
Running high-throughput, mission critical systems in the cloud has been slow to emerge in financial services because it’s not as simple as ‘lift and shift’. Existing systems are often highly customized and based on legacy technologies, which new cloud-native teams are not always able to migrate with certainty. Financial institutions who plan to lift and shift their applications to their cloud, including homegrown systems, often find that there is little advantage gained in terms of speed of changes once live. As banks with complex legacy systems have found, many vendors have underestimated the work needed to optimize their systems for the cloud, so even with licensed software a lift and shift tactic is not necessarily a sound one.
The journey to cloud is perhaps the most difficult challenge to overcome, with many legacy vendors not really providing credible pathways to on premise customers, even if they have a Software as a Service (SaaS) offering.
What we now see emerging, is a new breed of established scale ups who are quickly pivoting their technology strategies to optimize their solutions for the cloud. Unhindered by large numbers of customers with complex and customized on premise deployments, and still ‘young’ enough to have an agile and fail-fast mentality, they are able to develop not only cloud-optimized versions of their solutions but also migration paths to cloud deployments for their customers.
In relation to payments fraud and financial crime in particular, the definition of the cloud modernization pathway has to consider the specific regulatory oversight and uptime requirements of a financial institution in that jurisdiction, as well as mandates that may come from the payment ecosystem. Card networks and payment schemes issue new mandates on transaction formatting and risk reporting more frequently than ever, and central and reserve banks are beginning to define new taxonomies for fraud rate reporting. All of this needs to be considered in how a cloud-based risk platform will meet the needs of the bank.
Overcoming the operational challenges posed by increasing demands on legacy systems does require a transition to a cloud environment that can efficiently support the peaks and troughs seen in payments and fraud prevention on those transactions. Many payments businesses see unexpected peaks in the data submitted to their solutions, this can sometimes be time predictable (such as Black Friday and Cyber Monday). With legacy on-premises technology or ‘lift and shift’ cloud approaches, infrastructure resources can be very limited or rigid due to design. It only takes a small set of unexpected data to cause issues, and without a way to predict or absorb the peaks the risk of downtime remains high.
With all of these challenges in mind, it becomes even more critical that banks and financial institutions make the right strategic choices for their business when transforming to the cloud. Addressing two key questions will help teams to make the right decisions.
1.Will it be Private or Public cloud, or SaaS?
2. How has your system been architected for the cloud?
If your organization has a strategy to build rather than buy, then it is probably considering building an application to be hosted in the public or private cloud. This is a strategic decision for organizations that are looking to platform their solutions, and even offer them as a service to other financial institutions. Achieving this requires realignment of budget and investment cycles, decision making, team structures and more in a bid to be nimbler as a business, to feel the benefit of the cloud.
Some financial institutions have looked to lift and shift an existing system to public or private cloud environments, as it can seem like the path of least resistance. Although the reality of uplifting a legacy system to perform optimally in the cloud should not be underestimated.
If a financial institution’s strategy lies in getting back to the business of banking or payments and pivoting away from owning and managing its own technology stacks, it’s likely they are considering SaaS. In recent years we have seen an increase in Banking as a Service providers, looking to alleviate this pressure for financial institutions. But although they want to reduce the operational and technical complexity they have inadvertently created over the past decades, they want to acquire the technical skills to operate cloud platforms and retain control of their own go-to-market strategies.
It’s now well understood that developing from scratch or rearchitecting a system for the cloud is a significant investment. When considering a cloud strategy, financial institutions must evaluate if a solution is going to perform optimally in the cloud environment of choice. Even if a solution is built in-house, collaboration is needed across the organization to ensure the needs of the business will be met by the cloud architecture. And evaluating the architecture of any solution provider is a core part of the SaaS procurement process.
For those financial institutions who are following a SaaS strategy, choosing the right partner is essential. Experience in deploying, managing, and upgrading fincrime platforms in the cloud must be considered in order to meet regulatory and risk management requirements.
Alongside scalability and capacity needs, a motivating driver for many banks in modernizing their fraud prevention and Anti Money Laundering (AML) technologies is to reduce their fraud losses and manage risk exposure. To this end, most look to include the adoption of machine learning into that modernization strategy. Machine learning in the cloud demands precise orchestration capabilities to ingest data inputs from across the bank’s complete environment (both on and off premise) and in line with the required data schema to feed the models.
Technology teams will be familiar with the internal battles between organizational teams. Often Product teams push for SaaS to capitalize on the innovation and speed to market benefits. Information Security (InfoSec) teams tasked with maintaining data privacy and security may be more wary. InfoSec leaders know their existing processes, SaaS represents something new, unknown, and potentially risky. But the reality is that leveraging the cloud has shifted from risky, to a risk mitigation strategy. Post-pandemic every financial institution is clear that remote work must be supported, and cloud is a pillar of that strategy, even for fraud and AML.
The benefit of SaaS for the bank is that the platform provider manages the update process, but for fincrime platforms the risk is choosing a generalist partner without the specialist expertise to support the continuous optimization of fraud prevention and AML strategies. The right partner in a cloud deployment can also lighten the workload burden for technology teams, by reducing the operational overhead of Business as Usual (BAU) and maintenance, as well as helping to close the knowledge gap as teams evolve.
If banks want to move fast and innovate, the cloud is what enables businesses to do that by removing operational overhead and releasing resource for innovation. We’ve already seen this happen in other industries, with productivity suites for collaboration, or marketing systems for automation and customer relationship management.
Large scale computing resources are no longer cost effective to build for private companies, where their growth is limited by the physical footprint of the initial investment. Major cloud providers can offer massive elastic resources to remove the challenge of scaling up the business.
We now see cloud powered progress in achieving digital transformation goals in financial services. For established banks, processors and acquirers competing against new neo banks and fintechs born in the cloud, it is a matter of survival that they migrate. Selecting the right partner for that migration is an innovation imperative.
Life is now cloud powered. And so are we.