As banks’ cloud spending surges, financial regulators encourage a multicloud approach

Financial regulators and industry oversight boards are casting a closer eye on banks’ cloud expansion.

Aaron Ricadela | January 19, 2022

After a decade in the cloud computing slow lane, global banks are hitting the gas to accommodate swelling data volumes, serve customers with fewer branches, and speed digital products to market.

Now, financial regulators and industry oversight boards are casting a closer eye on banks’ cloud expansion, urging them to parcel IT work among multiple providers to keep outages or security breaches from becoming systemic problems and avoid becoming too dependent on any one provider.

The financial services industry has trailed other sectors in moving to the cloud—largely because of regulations or internal requirements about security and data privacy that kept computing on-premises. It’s also been daunting for banks to move their intertwined, often decades-old systems to cloud infrastructure and applications.

But the pandemic has put pressure on banks to offer cloud-based digital services faster as they closed branches or curtailed their hours, while so-called open banking rules in Europe compel data sharing between banks and fintechs. Public clouds offer banks access to AI services for better predicting business trends while helping them be more resilient against hackers and outages than on-premises software and hardware that needs regular updating and patching.

Banks’ spending on cloud computing services is forecast to grow more than 16% a year through 2024, to $77 billion, compared with 4.5% annual increases in their overall IT budgets, according to market researcher IDC. Just 8% of global banking workloads run in the cloud, according to a survey of 100 global banks by Accenture, though the consultancy expects that to double within two years. As crucial operations, such as payment systems, move to the cloud, central bankers and industry regulators are watching what new risks these shifts may create. Among the most notable examples:

  • In the United States, the Financial Industry Regulatory Authority (FINRA) said in a report last August that broker-dealers should be able to switch cloud providers when needed and “consider the risks associated with vendor lock-in.” FINRA said brokerages should weigh “whether multicloud or hybrid cloud options are compatible with their business needs” and consider “an exit strategy to mitigate against an unfavorable lock-in scenario.”  
  • The Bank of England’s Prudential Regulation Authority, which supervises 1,500 financial institutions, is considering gathering more data from public cloud providers to gauge the resiliency of their services, the Financial Times reports. The regulator last year said it expects firms to reduce “concentration risks or vendor lock-in [and] multiple arrangements with the same or closely connected service providers.”
  • The European Banking Authority’s outsourcing guidelines warn against dealing with “a dominant service provider that is not easily substitutable.” EU banks should be especially vigilant with cloud computing so there’s no “single point of failure,” the banking authority says.
  • The Monetary Authority of Singapore, which regulates the country’s banks, has urged them to manage confidentiality and other data risks if they use clouds with shared tenancy. It also warns against serving multiple customers from the same servers and databases.
  • The Bank of France, concerned about reliance on a concentrated number of cloud providers, said last summer that lenders need a written contract that clearly defines controls over outsourcing IT.

Good business sense

Turning to multiple cloud providers isn’t just an emerging regulatory imperative—it also makes good business sense.

Businesses in a variety of industries are moving computing to multiple clouds in order to tap specialized capabilities from providers, get better prices for specific workloads, avoid vendor dependence, and take advantage of scalability. Oracle, for example, works with Microsoft to connect Azure cloud services to Oracle Cloud Infrastructure and Autonomous Database, using Microsoft Azure Interconnect service.

Financial services companies that use Oracle databases and applications on-premises are moving critical trade finance, corporate lending, cash management, and payment software to the cloud.

Deutsche Bank is moving key trading, risk management, and capital planning software to databases running on Oracle Exadata Cloud@Customer, while keeping other workloads on Google Cloud. And Spain’s BBVA uses Oracle Cloud for machine learning in its marketing department, while running other work on Google Cloud.

Deloitte had named cloud governance and security one of its IT audit “hot topics” for 2021, saying financial companies in particular need to assess and manage “overreliance on one of the top three cloud service providers to support critical services.” The Carnegie Endowment has found that companies can mitigate downtime risk and vendor lock-in by running on more than one public cloud and ensuring interoperability. That’s especially important because some of the biggest users of cloud services are in the critical sectors of banking, telecom, and power generation, the policy researcher found.

Aptitude needed

To be sure, banks need to make sure they have the aptitude to execute a multicloud strategy by managing workloads across cloud environments. Open source software and software containers—which house software components that work in concert across different programming languages—can help businesses use different clouds or switch among them.

Banks’ initial hesitancy about moving workloads to the cloud is easing, as their leadership becomes convinced of cloud computing’s ability to save them money and let them do work they can’t on-premises, such as letting risk teams perform more frequent analysis or feeding financial models with more real-time data. Regulators aren’t stopping them, but more are pushing banks to spread their risks among multiple cloud computing providers. As they do, that may open the door for more businesses—including companies in other industries—to consider the multicloud model’s advantages.
