AFME urges faster adoption of cloud computing in capital markets

AFME urges faster adoption of cloud computing in capital markets

The Association for Financial Markets in Europe (AFME) has set out 14 recommendations to help realise the full potential of public cloud computing across the capital markets industry, as issues around legacy technology, security and regulatory concerns and standardisation slow uptake.

The recommendations for banks, cloud providers, regulators, and the industry as a whole aim to increase the transparency and collaboration required to build further confidence, trust and capability in public cloud.

James Kemp, managing director, head of technology and operations at AFME, says: “The use of public cloud in financial services offers significant opportunities and benefits for all parties. However, to realise these and increase adoption it is vital that the whole industry, including banks, cloud providers and regulators, continue to collaborate. This includes ensuring the knowledge, skills, security and risks are appropriately assessed and identified throughout this long-term transformation.”

While AFME members identify ample benefits in business agility and innovation, improved cost management and efficiency, and enhanced client experience and service offerings, the paper finds that banks are still at an early stage of adoption. Over two-thirds of AFME members involved in discussions estimated that only one to 10% of their bank’s current workload was using some level of public cloud today.

Popular use cases include, capacity bursting; running sophisticated data analytics for detecting market abuse; supporting innovation projects , and improving resiliency.

In order to support continued public cloud adoption, AFME proposes 14 recommendations for banks, cloud providers, regulators, and the industry as a whole, with 4 key themes emerging:

  • Banks should design their public cloud strategy with a clear and realistic target operating model, review and reprioritise accordingly, and ensure executive sponsorship throughout adoption.
  • Cloud providers must continue to engage with banks and regulators to support building the capabilities and assurances required (e.g. legal, regulatory, privacy), and support increased standardisation.
  • Regulators can support greater regional and global harmonisation, in respect to requirements for both public cloud adoption and supervisory practices, that will reduce the complexity for bank adoption.
  • The industry as whole must continue to share knowledge, best practice, and promote standardisation and consistency, in how public cloud is adopted.

Comments: (2)

Ron Troy
Ron Troy - RT MDS Consulting - New York 05 November, 2019, 14:46Be the first to give this comment the thumbs up 0 likes

A good reason to go with the cloud is if you have a small firm without a substantial dedicated support staff, or if a given service is one that is not central to what you do.  For instance, it might make sense to have a cloud based Market Data feed system if it can be done without adding noticable latency, and may be even more timely in algo trading.  Same with certain types of trading systems.  But while the solutions may be called 'cloud' based, they work best with direct comms to the providers without any public / external exposure.

Indeed, exposure to the Internet is a huge concern security wise, also reliability wise.  DDOS attacks, hacking in general, are all things to be avoided, especially where loss of service or hacking can put the business in danger.  Yet with good enough security, some access via the Internet might make sense.  Salesforce is one example, because you have users in the field, not just in an office.  Or Market Data management systems, but in that case you should still explore direct lines to the vendor.  

So while cloud can make sense, it also brings dangers if not handled well, especially if communications go over the Internet.  Think it through before you plunge in!

Andrew Smith
Andrew Smith - RTGS & ClearBank - London 06 November, 2019, 18:14Be the first to give this comment the thumbs up 0 likes

From my experience, regulators are more advanced (here in the UK) than many give them credit for. If you are open, transparent and can prove you have the right system controls in place (security included), that you understand reslience, that you understand data residency and you have the right set-up with your chosen cloud provider, and that you can maintain that right to inspect. Then there should be no issues....Remember you can outsource the tech, the data region to the cloud, but NOT your firms or individuals accountability.

Many of the concerns raised are often due to a lack of knowledge regarding the actual implementation of a cloud based compound. For example, you can have entire subscriptions within Azure that have no public internet access at all! This means from an operational perspective you maintain it in the same ways you would a private datacentre that had zero internet cables running in and out of it. This is all possible, and no, you don't need to access the physical compound. The Cloud is far more resilient than any on-prem private infrastructure could be, and that includes protection from DDOS attacks etc etc....

Cloud providers are open to discuss and walk you through this stuff. Azure provides an FCA based ammendment for example, which, if you are thinking cloud, go and speak to Microsoft about, as it provides at a contratural level all the things you need, policies, process and procedures to support a financial based company.

If you aren't thinking a move to the cloud, then you will be left behind. That is the way of the world...