Moving to the Financial Cloud
By Udo Steger (@usteger)
Recent regulatory requirements for cloud computing and outsourcing, published by the European Banking Authority (EBA) and the national regulators apply/will apply to payment service providers, requiring a thorough review of existing outsourcing and cloud computing arrangements, and may offer a market opportunity for specialised service providers, including “banking-as-a-service” Fintechs.
Traditionally, the financial services industry has been hesitant to adopt cloud computing for their core IT processes, mainly due to privacy, security and regulatory concerns. But cloud computing has changed the game and made it affordable even for the tiniest FinTech startup to use the infrastructure of a professionally managed and secure cloud service provider, paying only for the resources actually used. This has made it very attractive for payment service providers (PSPs) to outsource at least part of their IT systems to cloud service providers, allowing them to focus on their core business.
While Regulators worldwide have issued guidelines on the use of cloud computing here and there, regulators in the EU have long been slow to reflect this technological change. However, recently they have upped their activities, as illustrated by the EBA’s “Recommendation on outsourcing to cloud service providers” published in December 2017, and the current draft “Guidelines on Outsourcing arrangements” published for consultation in June 2018.
EBA seems to be reluctant to allow financial institutions to fully move into the “Financial Cloud”. For the EU, the fully cloud-based bank is still a regulatory nightmare. In conclusion the EBA activities are a much needed step into the right direction, and suggest that the regulators take a more relaxed approach.