Earlier this month, the Financial Conduct Authority (FCA) in the UK paved the way for banks, insurers and other financial services companies to take advantage of cloud computing services. In its detailed guidelines it talked about the need for “appropriate safeguards” to be taken by the financial organization but also that cloud technology will “facilitate entry and/or expansion, and increase the ability of financial services providers, overall, to renew their IT systems in a more efficient manner”.
Importantly, the FCA put the responsibility on these safeguards on the organizations themselves, stating: “Regulated firms retain full responsibility and accountability for discharging all of their regulatory responsibilities. Firms cannot delegate any part of this responsibility to a third party.” Although we are not the regulated part, this still means that service providers like Mambu are responsible for fully supporting our customers in ensuring they meet their responsibilities, that we enable our customers to respond easily to changes in regulation and to ensure they have access to all the data they would require for reporting.
“[cloud] help financial services businesses to innovate, with faster time to market, and reduced capital expenditure on technology resources while maintaining high levels of reliability and security.”
The FCA also made a strong step forward in working with best-of-breed cloud service providers like Amazon and Microsoft by declaring that “service providers may, for legitimate security reasons, limit access to some sites – such as data centres.” This distinction clarifies the previous ambiguity of what was meant by ‘access to assets’ and realizes that having digital access to data (available real-time) can be far more effective and safe than having to be able to physically access data centers: potentially compromising both the security of the data center but also reducing the ability of service providers to effectively leverage distributed and clustered technology where data can be scattered across multiple physical locations for both performance as well as reliability and security reasons.
The FCA announcements come on the heels of similar announcements in 2014 from the Monetary Authority of Singapore and the 2013 announcement from the Dutch national Banking regulator. All of these initiatives are designed to “help financial services businesses to innovate, with faster time to market, and reduced capital expenditure on technology resources while maintaining high levels of reliability and security.”
It’s significant for the industry to see the regulators step forward with these guidelines. Cloud technology is powering the rise of FinTech challengers and will indisputably have a critical role to play in the regulated space as well. Traditional organizations will need to adopt or change their technology and cloud is the obvious choice for most forward-thinking organizations, and will be the only practical choice for all parties in the next five years. Regulators cannot sit back with ambiguity on the suitability of cloud technology. This lack of clarity forces organizations into either poor technology decisions or those that are driven by fear and uncertainty. In either case, it makes them make backward-looking decisions rather than looking into the future.
Taking the step forward, the FCA has ensured that financial organizations have access to the best technology, that customers have the best protection and that the service providers understand clearly their roles and responsibilities. Only when there is such clarity can we drive the future of financial service forward in the century of the cloud.
With these regulators at the forefront and FinTech companies on the rise, the vector of cloud and banking technology has never been more clear.