Many forward-thinking financial organisations have started adopting Software-as-a-Service (SaaS) to capitalise on innovation, accelerate entry to new markets and offer services which disrupt the businesses of existing banks.
As SaaS has gained momentum, it has also gained the attention of global regulators with a growing demand for risk management and business continuity planning. A new study from IDC Financial Insights, Cloud Computing and Regulation in Banking, predicts that cloud computing in banking will transform the industry in a few years, as regulators update policies to address technology partners.
In the UK, the Financial Conduct Authority (FCA) requires third-party service providers that drive “critical” business operations to be categorized as outsource service provider (OSP). This holds technology providers accountable for how their technology impacts a financial institution’s operational risk.
The FCA has specified that banks have to “provide reasonable assurance” that every outsourced service provider “will deliver its services effectively, resiliently and securely” and have “appropriate arrangements” to enable “on-going oversight” of its OSPs. The FCA emphasises the importance of exit plans that enable financial institutions to transition to an alternate service provider and recover data safely and securely.
Technology providers like Mambu must, therefore, develop their products with the highest level of security and business continuity in mind. This means understanding when a public cloud-hosted solution can be used to provide speed and scalability and when additional regulatory requirements require various form of data access and to be able to provide this in a secure, cost-effective way. In all cases, an effective exit arrangement is essential to ensure strong commercial security.
This can be achieved through an independent, third party provider of assurance solutions, such as NCC Group, whose SaaS Assured service combines software escrow with business continuity for risks mitigation. Partnerships, such as this, allows “critical” technology providers to save a copy of the software code and ensure service continuity for a pre-determined period in the event of a disaster: a strong balance of leveraging the innovation possible in the cloud with a reliable Plan B to ensure business continuity.
“For Europe as a whole, so long as banks and their technology partners can point out exactly where their data is being stored, and so long as they engage with the regulators from the start of any project, they may expect a positive response from regulators,”
Cloud technology and SaaS provide financial services organizations the opportunity to bring banking services to the 21st century, offer customers better experience, more product choice and address markets underserved by the large incumbents.
Regulators have rightly recognized the critical role that technology providers play to support key business processes.
In turn, technology providers need to ensure consistent and reliable delivery of these services that financial institutions depend on to reinforce trust and extend the potential for future innovation and growth.