Connect with us

Finance

GOOGLE CLOUD STUDY: CLOUD ADOPTION INCREASING IN FINANCIAL SERVICES, BUT MORE GUIDANCE NEEDED FROM REGULATORS

Published

on

By Zac Maufe, managing director, Google Cloud, Financial Services

 

The financial services industry is evolving at a rapid pace, with shifting consumer expectations, new technologies, and developing regulatory requirements. Financial services firms need the right technology to help them stay agile and prepare for the future.

The cloud is a key point of leverage for firms looking to improve performance across a broad range of activities. Moving to the public cloud can advance operational resiliency, improve staff productivity, increase regulatory compliance and enhance business model innovation.

However, there are a number of financial services companies that are still hesitant in their cloud journeys. The barriers to adoption vary, from the complexity of legacy systems, to trust and skills gaps, regulatory uncertainty, and fragmentation of compliance requirements. Although many companies have embraced the benefits of cloud technology, more robust cloud adoption—especially around core back-office functions—will require additional facilitation, including through regulatory harmonization and streamlining.

 

A new comprehensive study on cloud adoption in financial services

To better understand the challenges and opportunities of cloud adoption in financial services, Google Cloud commissioned Harris Poll to survey more than 1,300 leaders from the financial services industry across the United States, CanadaFranceGermanyUnited Kingdom, Hong KongJapanSingapore and Australia.

 

There were five noteworthy takeaways from the study:

  1. A vast majority of financial services companies are already using some form of public cloud. A large number of surveyed financial services companies (83%) report they are deploying cloud technology as part of their primary computing infrastructures. Of those using cloud technology, the most popular architecture of choice is hybrid cloud (38%), followed by single cloud (28%), and multicloud (17%). Notably, of respondents without a multicloud deployment, 88% reported they are considering adopting a multicloud strategy in the next 12 months.
  2. Financial services institutions in North America are leading in cloud adoption. Of the financial services companies who are implementing a cloud strategy, the highest levels of cloud workload adoption were reported in North America, with institutions in the U.S. (54%) and Canada (52%) leading the way. The lowest level of cloud adoption was reported in Japan (42%).
  3. As financial services companies continue to use the cloud, more core functionalities can and will be migrated. While many financial services companies have migrated substantial workloads to the cloud, the industry is far from full adoption when it comes to core, back-office workloads. Of financial services companies currently using a majority cloud strategy in the United States, for example, only half (54%) of their workloads are fully deployed in the cloud. Data and IT security (74%), regulatory reporting (57%), and fraud detection and prevention (57%) rank among the highest workload adoption. Core underwriting activity (40%) and data reconciliation (48%) ranked lowest. Across Europe, cloud usage for core activities like underwriting also scored low with the UK listing only 30% adoption.
  4. Among respondents, there is a very strong positive perception of the potential for cloud technology to assist in business operations and regulatory compliance. Nearly all respondents (>88%) agreed that cloud adoption can:
    1. help adapt to changing customer behaviors and expectations,
    2. enhance operational resilience,
    3. support the creation of innovative new products and services,
    4. enhance financial services institutions’ data security capabilities, and
    5. better connect siloed legacy software infrastructure within financial services institutions.
  5. Certain regulator-induced challenges, including the complexity of sectorial compliance frameworks and fragmentation, create hurdles to cloud adoption for financial services companies. While 88% of respondents had a positive view of current regulatory efforts to provide guidance and clarity for cloud implementation, the results showed that more needs to be done to facilitate adoption. Most respondents (84%) agree that regulatory reviews and approvals take too long because of regulatory fragmentation across regulatory bodies. And 78% say that regulatory uncertainty over the use of public cloud prevents their organizations from adopting cloud technologies that would otherwise provide benefit to them. Additionally, a third of all on-premises respondents (38%) say that the large investment of resources for the regulatory approval process is a reason why they’re not using cloud services.

“While many banks have already deployed hybrid cloud environments, others are still in various stages of planning and deploying,” said Jerry Silva, research vice president for IDC Financial Insights. “Clearly, hybrid infrastructure is a reality, and financial institutions must focus not only on leveraging the modern infrastructure model to gain efficiencies, resilience and agility, but also on taking the necessary steps to manage such environments, including the security and compliance of cloud services.”

 

Future recommendations for financial services regulators

Financial services firms should continue to maximize the potential of technology by migrating more core workloads to the cloud, as well as actively considering multicloud and hybrid-cloud strategies. Such strategies enhance resiliency of existing IT infrastructure and reduce concerns over vendor lock-in.

The research also points to steps that regulators could take to provide additional clarity and guidance, such as aligning regulatory reviews across agencies to avoid fragmentation; developing regulatory “safe harbors” for cloud adopters based on adherence to accepted standards and best practices; training regulatory staff on emerging tech; and advancing data reporting requirements via cloud and related technologies.

In the past few years, many regulators across the globe have taken a robust approach to rationalizing rules and guidance to cloud adoption in the financial sector, which has helped significantly stimulate adoption. But further assurances and harmonization of best practices around supervision is needed to advance risk-based and secure digital innovation.

At Google Cloud, we’re committed to working with financial services customers and regulators to provide them with controls and assurances on risk management, data locality, transparency, and compliance. We are constantly engaging with regulators to share information, respond to their considerations and concerns, and address questions in the interest of transparency and building trust.

 

Research methodology

The survey was conducted online by the Harris Poll on behalf of Google Cloud, from December 7, 2020, to January 4, 2021, among 1,363 senior executives in France (n=113), Germany (n=178), the UK (n=192), Hong Kong (n=99), Indonesia (n=100), Japan (n=142), Singapore (n=71), Australia (n=134), Canada (134), and the United States (n=200) who are employed full-time, part-time, or self-employed whose main functional role is in risk/compliance or IT at a company in the banking, finance, or financial services industry with a title of director level or higher. The data in each country were weighted by the number of employees to bring them into line with actual company size proportions in the population. A global post-weight was applied to ensure equal weight of each country in the global total.

 

Finance

Mini-Budget 2022:

Published

on

By

Tax giveaway is a boost for business, but will it drive growth or fuel inflation?

 

Chancellor Kwasi Kwarteng has announced a comprehensive wave of tax cuts and other incentives for individuals and businesses, as well as confirming some of the announcements made earlier this week.  The measures are part of a new Growth Plan, which is aiming to boost economic growth. However, only time will tell if they will curb inflation and temper recession concerns.

Richard Godmon, tax partner at accountancy firm, Menzies LLP, said:

“With another fiscal statement to follow, this mini-Budget is a defining moment for the new Government and tax cuts are firmly back on the agenda.

“The biggest surprise was the decision to simplify Income Tax by moving to a single higher rate of tax for high earners of 40%, with effect from April next year. This will encourage a spirit of entrepreneurialism by incentivising work and putting money back into the economy. The flip side is that the Government might also be hoping that the move increases the tax take, as it could help to draw people back to the UK who may have previously chosen to live and work elsewhere, while encouraging others to stay put.

“The reduction in dividend tax rates and the abolition of the additional rate of tax from April 2023 means that business owners will need to consider carefully the timing of dividend payments over the next few months.”

Up to 40 new Investment Zones

The Chancellor also outlined plans to create up to 40 new ‘investment zones’ in England, with the potential for more in Wales, Scotland and Northern Ireland. Businesses in these zones will benefit from wide-ranging tax breaks including 100% tax relief on investments in plant and machinery, and no National Insurance Contributions will be payable on the first £50,000 earned by new employees.

Richard Godmon, tax partner at Menzies LLP, said: “The new Investment Zones are reminiscent of the former Enterprise Zones, but they will provide a much more favourable tax environment for businesses and they promise to become a magnet for inward investment. There are currently 38 areas in England on the list for consideration and we look forward to finding out which ones will be selected.”

Incentivising business investment and Corporation Tax rise ‘cancelled’

The limit of the Annual Investment Allowance (AIA) will not revert to £200,000 as planned in April next year, it will now permanently stay at £1 million.

Richard Godmon, tax partner at Menzies LLP, said:

“Capital allowances are highly valued by businesses and they will be pleased that this one in particularly is going to stick at £1 million and that this is no longer being described as a temporary measure, but is to be made permanent.

“The decision to cancel the planned increase in Corporation Tax (due to tax effect next April) will be a relief to many small and medium-sized businesses who have been concerned that this increase would erode profits further and make it even more challenging to remain viable.”

Incentivising entrepreneurial investment

The Chancellor highlighted plans to increase the cap on investments that can be made under the Seed Enterprise Investment Scheme (SEIS) from £150,000 to £250,000. Individuals making investments in start-ups up have had the limit doubled to £200,000, with the 50% income tax relief remining the same. The Government also gave its commitment to continuing to back the Enterprise Investment Scheme (EIS).

“These announcements send a signal to entrepreneurial investors that tax should not be a barrier and the Chancellor wants to expand incentives in this area,” added Richard Godmon, tax partner at Menzies LLP.

Stamp Duty Land Tax

The threshold at which Stamp Duty Land Tax (SDLT) becomes payable on residential property purchases in the UK has been raised to £250,000, double its previous level in a bid to boost the property market. In addition, first-time buyers will not have to pay SDLT on property purchases up to a value of £425,000 (up from £300,000). Both measures will take effect from today.

Richard Godmon, tax partner at Menzies LLP, said:

“The decision to raise the SDLT threshold is designed to build consumer confidence and boost the housing market generally. For property developers it will fuel activity by creating demand, particularly from first-time buyers, and help to free up finance to front-end development projects.”

IR35 Changes

Richard Godmon, tax partner at Menzies LLP, said:

“The repealing of the 2017 and 2021 IR35 changes will be hugely welcomed as it will remove an administrative burden, risk and cost, enabling businesses to devote resources to furthering their growth strategies.

“It is important to recognise that IR35 has not been abolished and the result of the changes is that the risk and compliance costs are being returned to the individuals and their personal service companies.  HMRC will no doubt redirect their focus towards the contractors, which will bring challenges and make enforcement more difficult.”

Continue Reading

Finance

A zero trust environment is critical for financial services

Published

on

By

Boris Bialek, Managing Director of Industry Solutions at MongoDB

Not long ago security professionals were still focused on protecting their IT in a similar formation to mediaeval guards protecting a walled city – concentrating on making it as difficult as possible to get inside. Once past this perimeter though, access to what was within was endless. For financial services, this means access to everything from personal identifiable information (PII) including credit card numbers, names, social security information and more ‘marketable data’. Unfortunately, we have many examples of how this type of security doesn’t work, the castle gets stormed and the data isn’t protected. The most famous is still the Equifax incident, where a small breach has led to years of unhappy customers.

Thankfully the mindset has shifted spurred on by the proliferation of networks and applications across geographies, devices and cloud platforms. This has made the classic point to point security obsolete. The perimeter has changed, it is fluid, so reliance on a wall for protection also has to change.

Zero trust presents a new paradigm for cybersecurity. In this context, it is already assumed that the perimeter is breached,no users are trusted, and trust cannot be gained simply by physical or network location. Every user, device and connection must be continually verified and audited.

What might seem obvious, but begs repeating, with the amount of confidential customer and client data that financial institutions hold – not to mention the regulations – this should be an even bigger priority. The perceived value of this data also makes financial services organisations a primary target for data breaches.

But how do you create a zero trust environment?

Boris Bialek

Keeping the data secure 

While ensuring that access to banking apps and online services is vital, it is actually the database that is the backend of these applications that is a key part of creating a zero trust environment. The database contains so much of an organisation’s sensitive, and regulated, information, as well as data that may not be sensitive but is critical to keeping the organisation running. This is why it is imperative that a database is ready and able to work in a zero trust environment.

As more databases are becoming cloud based services, a big part of this is ensuring that the database is secure by default, meaning it is secure out of the box. This takes some of the responsibility for security out of the hands of administrators because the highest levels of security are in place from the start, without requiring attention from users or administrators. To allow access, users and administrators must proactively make changes – nothing is automatically granted.

As more financial institutions embrace the cloud, this can get more complicated. The  security responsibilities are divided between the clients’ own organisation, the cloud providers and the vendors of the cloud services being used. This is known as the shared responsibility model. This moves away from the classic model where IT owns hardening the servers and security, then needs to harden the software on top – say the version of the database software – and then needs to harden the actual application code. In this model, the hardware (CPU, network, storage) are solely in the realm of the cloud provider that provisions these systems. The service provider for a Data-as-a-Service model then delivers the database hardened to the client with a designated endpoint. Only then does the actual client team and their application developers and DevOps team come into play for the actual “solution”.

Security and resilience in the cloud are only possible when everyone is clear on their roles and responsibilities. Shared responsibility recognizes that cloud vendors ensure that their products are secure by default, while still available, but also that organisations take appropriate steps to continue to protect the data they keep in the cloud.

Authenticate Everyone  

In banks and finance organisations, there is always lots of focus on customer authentication, making sure that accessing funds is as secure as possible. But it is also important to make sure that access to the database on the other end is secure. An IT organisation can use any number of methods to allow users to authenticate themselves to a database. Most often that includes a username and password, but given the increased need to maintain the privacy of confidential customer information by financial services organisations this should only be viewed as a base layer.

At the database layer, it is important to have transport layer security and SCRAM authentication which enables traffic from clients to the database to be authenticated and encrypted in transit.

Passwordless authentication is also something that should be considered – not just for customers, but internal teams as well. This can be done in multiple ways with the database, either auto-generated certificates that are needed to access the database or advanced options for organisations already using X.509 certificates and have a certificate management infrastructure.

Tracking is a key component 

As a highly regulated industry, it is also important to monitor your zero trust environment to ensure that it remains in force and exompasses your database. The database should be able to log all actions or have functionality to apply filters to capture only specific events, users or roles.

Role-based auditing lets you log and report activities by specific roles, such as userAdmin or dbAdmin, coupled with any roles inherited by each user, rather than having to extract activity for each individual administrator. This approach makes it easier for organisations to enforce end-to-end operational control and maintain the insight necessary for compliance and reporting.

Next level encryption

With large amounts of valuable data, financial institutions also need to make sure that they are embracing encryption – in flight, at rest and even in use. Securing data with client-side field-level encryption allows you to move to managed services in the cloud with greater confidence. The database only works with encrypted fields and organisations control their own encryption keys, rather than having the database provider manage them. This additional layer of security enforces an even more fine-grained separation of duties between those who use the database and those who administer and manage it.

Also, as more data is being transmitted and stored in the cloud – some of which are highly sensitive workloads – additional technical options to control and limit access to confidential and regulated data is needed. However, this data still needs to be used. So ensuring that in-use data encryption is part of your zero trust solution is vital. This also enables organisations to confidently store sensitive data, meeting compliance requirements, while also enabling different parts of the business to gain access and insights from it.

Securing data is only going to continue to become more important for all organisations, but for those in financial services the stakes can be even higher. Leaving the perimeter mentality to the history books and moving towards zero trust – especially as cloud and as-a-service infrastructure permeates the industry – is the only way to protect such valuable data.

Continue Reading

Magazine

Trending

Finance2 days ago

Mini-Budget 2022:

Tax giveaway is a boost for business, but will it drive growth or fuel inflation?   Chancellor Kwasi Kwarteng has...

Finance2 days ago

A zero trust environment is critical for financial services

Boris Bialek, Managing Director of Industry Solutions at MongoDB Not long ago security professionals were still focused on protecting their...

Banking2 days ago

Digital Banking – a hedge against uncertainty?

Ankit Shah, Head of Digital Banking, Apex Group   The story of the 2020’s thus far is one of crisis....

News3 days ago

Union Bank of India goes live with RuPay Credit Card on UPI with Kiya.ai as a technology partner

Nitesh Ranjan, ED Union Bank of India with Rajesh Mirjankar, Managing Director & CEO, Kiya.ai at the launch   Kiya.ai,...

Finance3 days ago

Anyone Can Become an R&D Tax Expert with the Right Foundations

Ian Cashin is a Customer Success Manager at Fintech company and R&D tax software provider WhisperClaims   For accounting firms,...

Business3 days ago

Addressing the ongoing global pilot shortage issue

By Bhanu Choudhrie, Founder of Alpha Aviation   The Covid-19 pandemic brought the aviation industry to a halt, causing vast...

Business3 days ago

How exporters can mitigate risks and operate smoothly in stormy, post-Brexit waters

By Morgan Terigi is Co-Founder and CEO of Incomlend   The past few years have presented a series of hurdles...

Business3 days ago

From employees to customers, workforce management can benefit the entire banking ecosystem

Michael Cupps, SVP of Marketing of ActiveOps explores the significant impact workforce management can have on the employees and customers...

Business4 days ago

Redefining the human touch with digital transformation

Simon Kearsley, CEO of bluQube   It may not be a new phrase, but digital transformation is still inducing anxiety...

Finance7 days ago

CFOs – the forgotten ally in the fight against ransomware

Justin Vaughan-Brown, VP Market Insight at Deep Instinct   Ransomware attacks have nearly doubled in the past couple of years....

Technology1 week ago

7 cost benefits of cloud accounting software

By Paul Sparkes, Commercial Director of iplicit, an award-winning accounting software developer   Is your accounting software having a laugh...

Business1 week ago

How does Identity Access & Privileged Access Management help in PCI DSS Compliance?

Narendra Sahoo is a director of VISTA InfoSec. Introduction The Payment Card Industry Data Security Standard also commonly referred to...

Finance1 week ago

Listed private debt deserves a closer look from investors

By Michel Degosciu, Managing Partner, LPX AG Over the past few years, the private debt asset class is attracting serious...

Banking1 week ago

Security vs online payment convenience: which one is tipping the scales for customers?

 Chirag Patel, President of Digital Wallets at Paysafe.   While keeping their payment details safe is a top priority for...

Business1 week ago

The Tool and Tips to Truly Get Started with No-Code Development

Author: Chris Obdam, CEO of Betty Blocks   Throughout the legal industry, firms and in-house departments are leveraging legal tech...

That’s where Netcall’s Liberty Create came in. Create is a new breed of low-code software solution, built for both business users and professional developers That’s where Netcall’s Liberty Create came in. Create is a new breed of low-code software solution, built for both business users and professional developers
Business2 weeks ago

How ReFi Will Transform Finance

– by Ransu Salovaara, CEO of carbon platform Likvidi   Humanity faces a multitude of threats, many of which are...

Business2 weeks ago

THE NEXT WAVE OF FINTECH IS HERE

Much has been made of the ‘second generation’ fintech movement recently, but what have these businesses learned from those entering...

News2 weeks ago

UK leaves Europe trailing in its embrace of digital banking

People in the UK have embraced digital and online banking in a way that those across the rest of Europe...

Business2 weeks ago

The rise of automation and its impact on the CFO & CIO

By: Gert-Jan Wijman, VP Europe, Middle East and Africa at Celigo   On the back of the pandemic, organisations have...

News2 weeks ago

Managing fuel spend during unprecedented volatility

Attributed to Paul Holland, MD of UK Fleet, Allstar Business Solutions   With the price of fuel on everybody’s minds,...

Trending