Ben Saunders, VP Consulting EMEA at Contino
According to the Financial Conduct Authority (FCA) guidelines on outsourcing IT, firms must be able to “know how [they] would transition to an alternative service provider and maintain business continuity”.
For organisations that realise that the future of digital services belongs to the cloud but want to remain in line with key financial guidelines, this could mean only one thing: multi-cloud.
So, what do the regulations mean for your business’ multi-cloud? The guidance given by the FCA is trying to do one thing: reduce risk. This can be approached from four main angles: operational, concentration, data and exit risk.
Reducing Operational Risk
The operational perspective is all about securing day-to-day operations. Key requirements to meet this include documented and tested risk assessments, skills and resources to mitigate risk and a documented business case justifying risks. The central pillar of an operational risk strategy must be a solid risk assessment.
This must identify all the critical or important functions that the financial institution provides (e.g. current accounts, payments, loans, credit cards, savings accounts) and the risks associated with these services (e.g. technical, financial, political etc.).
Your risk assessment must be documented and reviewed on a regular basis. All the risks that are identified must be assigned to someone to be accepted, managed or mitigated with a clear action plan, with a Material Risk Taker (MRT) wholly accountable for the risks identified as part of the overarching cloud strategy.
The key takeaway here is that many financial organisations, upon first adopting the cloud, struggle to fully understand how their core products, business service lines and customer journeys hang together architecturally. So, the starting point is always to understand the as-is state is and what your provisional to-be architecture could look like.
As a starter for ten, choose one business service line across each of your core product sets. Identify the components where value could be derived through the adoption of public cloud and establish a repeatable framework that can be used by other sections of the organisation.
Mitigating Concentration Risk
Concentration risk is defined as “the reliance that firms themselves may have on any single provider.” It’s about making sure that you don’t put yourself in a situation where you have all your mission-critical eggs in one basket.
So, what do businesses need to do to mitigate concentration risk in the eyes of the FCA? They need to know the criticality of workloads in the cloud, know where these workloads are and test a plan for how you can transfer these to a different provider in the event of provider failure.
Regarding workloads, note that different requirements apply to different functions. Most important here is whether the function being outsourced is “critical or important”. A critical or important function is one whose failure would “materially impair the continuing compliance of a firm”. Undertake a discovery assessment so you know what workloads you have where and what level of material importance they carry.
When it comes to creating a tested plan for moving to a different provider, one suggested method is:
- Identify a small, low-risk workload in your organisations existing cloud that would make a good candidate for an experimental migration to a new cloud
- Execute the experimental low-risk migration
- Whether you fail or succeed: learn from what went well and what didn’t go so well
- Apply the lessons learned to the next experiment
- Continue experimenting, scaling the migration more widely each time
- Write up the results of your experiments into a documented strategy along with evidence of the experiments
- Consult with the FCA to see if they approve of your battle-tested strategy!
Being transparent is a crucial part of an effective engineering culture and here it applies as much externally as internally. Update the FCA frequently and ensure a tight feedback loop between them and your cloud teams.
Reduce Data and Security Risk
How you approach data and security are critical when it comes to reducing risk. Firms “should carry out a security risk assessment that includes the service provider and the technology assets administered by the firm … [c]onsider data sensitivity and how the data are transmitted, stored and encrypted, where necessary”.
Regarding security readiness for public cloud, a poorly thought-out method is taking existing ‘on-premise’ security and compliance controls and enforcing them in a cloud environment.
As part of a cloud adoption strategy, businesses should consider which of your existing security controls should be adopted, which should be adapted, and which should be retired. Using frameworks such as the Cloud Security Alliance (CSA), Centre for Internet Security (CIS) and National Institute for Standards Technology (NIST) and embedding these using practices such as compliance-as-code will provide organisations with a consistent security pattern that can be applied across each of the major cloud providers, in turn establishing a heterogeneous way of handling security in the cloud.
Regarding data, it’s important to build a view of data tiering and sensitivity of data you’re prepared to push into cloud. This assessment must be wide reaching and include a data residency policy, a data loss strategy, and a data segregation strategy.
Reduce Exit Risk
What if you need to leave a cloud? Your organisation needs to be prepared. Regulations make it clear that you need a documented and tested exit strategy that will, crucially, enable you to meet the regulated level of service for a given workload.
Say, for example, that you had a critical payments system that regulations mandated be 99.99999% available, with a recovery point objective of zero. Your exit strategy would have to ensure that you can still meet this level of service, while you exit your cloud provider.
Achieving this goes back to having really good configuration management practices and architectural principles. No one wants to deal with a monolithic app here! Make sure all applications are as modular as possible, which will support incremental migration patterns to maintain system uptime.
Critical here is that when you are in negotiations with a cloud service provider that you have a contractual agreement in place that guarantees that they will help you to exit with minimal disruption and provide you with the required support to do so.
Most financial institutions are already considering embarking on a multi-cloud journey, however the FCA guidelines should be the prompt everyone needs to really get started. If organisations consider operational, concentration, data and exit risk, they can meet the FCA guidelines and ensure they are running a dependable, profitable and forward-thinking operation.
WITHOUT C-SUITE COLLABORATION DIGITAL TRANSFORMATION IS UNLIKELY TO BE SUCCESSFUL WITHIN FINANCIAL SERVICES
By Nick Gold, founder and Chief Executive of Speaker’s Corner
A path to digital transformation
Mapping a clear path is essential for companies undergoing digital transformation. Responsibility for driving digital transformation across the enterprise lies with the C-suite. The CEO, chief marketing officer (CMO), chief human resources officer (CHRO) and chief operations officer (COO), among others, must work together to make the transformation happen. However, this can be difficult to achieve as certain members of the C-Suite are more proficient with technology than others. This article will look at how to overcome resistance/challenges at a senior level to any digital transformation strategy.
Working and evolving alongside the digital revolution
The fourth industrial revolution, where technology meets disruption via the Internet of Things, robotics, virtual reality and artificial intelligence, are fundamentally changing the way we live and work. This journey is taking us further into a world which we are only starting to understand.
We can see this most clearly in the finance sector, where at every stage of this revolution an area of this industry has been targeted and disrupted. As leading thinkers and exponents from the finance sector have shared their stories through their speeches, explaining the current impact and forecasting what will happen next, it is clear that for both the most established companies alongside the new wave of digitally lead fintech companies, change is part of the regular business cycle.
But having the processes and procedure in place to encourage change and be at the forefront of the digital revolution will be critical to the continued survival, let alone success, of companies within this sector.
As such, companies have realised that their processes, their products and even the reason for their entire existence needs to change in order to survive this revolution. However, the C-suite are struggling to adapt because this isn’t a clearly defined problem and there isn’t a historical precedent to follow.
How the finance sector deals with change
In days of old, a business problem would have been identified and a decision would be made to implement a technological solution. With the recommendation approved, the C suite, usually the Chief Technology Officer, would be tasked to deliver the project. This suited all the C suite members as it meant that the expertise of each member of the executive was clear and there was a clear delineation between their roles and responsibilities.
What fascinates me, especially in the finance sector, is for those established companies who historically have dealt with change (especially in the digital or technology space) by acquiring companies to utilise their technological systems and processes, this ‘traditional’ process for dealing with a changing marketplace is no longer as straight forward as it used to be.
Why is this? As I’m sure the reader is aware, the new fintech companies which disrupted the market, with their digital led strategy and processes, need to retain their cultural DNA to keep innovating and growing revenue.
But this doesn’t sit comfortable with the traditional model of acquiring a company and then integrating them into the processes of the buying company. The strengths of the new fintech company are being put at risk by this absorption and integration such that the company is potentially putting at risk the positive benefits for the acquisition.
The question is then posed for the acquirer, how do you integrate the new processes with all their benefits into the existing processes in an environment where the incumbents will be treating both the new company, new processes and new technological with a level of disdain and certainly a high level of suspicion, they are after all companies that have been leading the finance sector for many years
Building a strategic direction lies with the C-Suite
That mission sits squarely at the feet of the C Suite. Their role is to provide strategic direction for the company, understand the opportunities for the business and shape the vision and direction in order for the wonderful people who work for that company to deliver in their specific areas and for these people to see the challenge of change as an opportunity to develop and grow.
This moves the discussion at a C Suite level away from a technological based discussion, away from a place where there might be reticence due to an individual’s relationship with technology to either be part of the discussion or even worse, not commit to their viewpoints as they defer to other who they view as experts. It moves the transformation away from digital to strategic.
But digital transformation is nothing to do with the build and delivery of the systems, it is nothing to do with the evolution of the business processes to work with the new transformed business, but it is everything to do with the strategic path that the company needs to take in this new era.
The fourth industrial revolution, where change is happening at an ever increasing pace, requires the C Suite to have a clear understanding of critical milestones from a business perspective, with diversity of business views based on expertise and experience, to ensure large scale digital transformation programs stay on track to deliver the requirements for the survival, growth and success of their business.
DRIVING DIGITAL: HOW BUILDING SOCIETIES CAN THRIVE IN A NEW DECADE
Simon Healy, Industry Director Financial Services EMEA, Unisys
Building societies have been a feature of the UK’s financial landscape since the late 18th century, and these well-trusted institutions have played a key role in their local communities ever since – particularly when it comes to savings and mortgages. But recent years have presented serious challenges, and not just because of increased competition.
During the 2008 financial crisis, the sector ran into difficulties – often as the result of what proved to be ill-advised business diversification, like venturing into the sub-prime mortgage market, or corporate lending. In 2019, only 43 building societies remained active – and those who have survived have rightfully focused on consolidation, ensuring continuity of service for their valued customers.
Yet, as we enter a new decade, change is in the air. Most building societies are now in a much stronger position, contributing to a general sense that the time is right to start investing in the future. And – as you might imagine, given customer expectations and the focus of modern challenger banks – that future demands a highly digital, personalised approach.
Unfortunately, many building societies still have a reliance on manual processes, and have inherent constraints that limit their ability to innovate. This means that developing and distributing new digital capabilities can be challenging, with many feeling unsure of where to start.
So, what sort of digital offering should building societies spend their time developing – and how should they approach the process?
Belief in building societies: understanding the desire for digital
You only have to look at the rapid uptake of app-based banks like Monzo to understand that digital is desirable. But people aren’t seeking cutting-edge innovation in and of itself, which is good news for building societies. Instead, as Unisys’ recent research shows, customers are primarily motivated by fairly straightforward capabilities.
Our respondents claimed that convenience is one of the key drivers for choosing an account. So, in today’s digital world, it is perhaps no surprise that half say that online opening is important when they’re thinking about a new savings account, and 43% want online account management. A third would like access to a mobile app, and 34% are seeking omni-channel service, so that the service they receive in branch or on the phone is seamlessly integrated with their mobile, tablet or computer experience.
Nearly two in three customers feel that building societies should leverage the opportunities presented by the new Open Banking framework, with a third believing this would positively impact their personal finance management. And although not a traditional market for building societies, 86% of under 35s would be interested in a simple, intuitive digital current account from them.
Interestingly, and perhaps counter-intuitively, Unisys’ research shows that consumers are nearly seven times more likely to open a digital account with a building society than a digital bank, showing there is plenty of appetite – if only building societies are ready to take advantage.
Knowing this is one thing, of course, and building these capabilities in an environment that has traditionally relied on manual processes is quite another. Because while customer appetite for digital is high, delivering on it requires careful planning, not to mention a fundamental shift in mind-set.
Building societies should start by forensically understanding and assessing the actual wants and needs of their target customers. As we’ve already seen, the requirements of most are quite straightforward at a high level – so by taking the time to thoroughly understand digital drivers, building societies can segment customers more effectively, and gain a focused understanding of the features and services most valuable to them.
Once this has been established, they should be prepared to move in small, incremental steps. This might seem counterintuitive for a digital transformation project, especially since innovation teams are usually under pressure to show the ROI of their efforts. But moving too quickly can lead organisations to build capabilities that customers don’t actually want, squandering capital and resources.
A few years ago, after all, it was widely expected that tablets would be the primary method of accessing online banking. Now, it’s generally accepted that mobile-first is the strategy to focus on – and those who invested heavily in an experience optimised for tablet may feel they’ve wasted their resources somewhat. By moving incrementally, building societies will have the freedom to flex and pivot as market shifts like this occur.
A top-down change
This phased approach will also allow building societies to drive innovation across the entire organisation, rather than focusing on one particular area – like customer experience. Given the choice, most would prioritise a customer-facing app over investing in the employee experience. But while this works as a means of getting to market quickly, any digital innovation focused solely on the customer experience will soon fall down if it’s relying on paper-based, clunky or manual processes behind the scenes.
This is also tied to the need for a wider cultural mind-set shift, which necessitates buy-in from the top down. Senior stakeholders play an important role in influencing cultural change and moving transformation forward. And just as importantly, they can also overcome financial objections. The reality is, traditional revenue models aren’t particularly helpful for analysing the value of digital investment. An engaged stakeholder can ensure that the project isn’t derailed by objections on this front.
Innovation is by no means an easy process for building societies. But as we head into a new decade, the need for developing digital capabilities is clear. Consumers are keen to continue supporting their local building societies – but to build on this sentiment, organisations must take the time and the resource to build out their digital offering. If they can do so successfully, they’ll be well placed to thrive on the UK high street for many years to come.
THE END OF YEAR TAX CHECKS THAT COULD SAVE YOU THOUSANDS
Charlie Reading, Founder and MD of Efficient Portfolio After HMRC’s tax return deadline at the end of January, it can be...
RISK VS REWARD: IS AI TAKING OVER?
Xavier Fernandes, Analytics Director at Metapraxis A study by Oxford University academics into “The Future of Employment” in 2013 prompted...
HALO TRUST USES ADAPTIVE INSIGHTS FOR STRATEGIC BUSINESS PLANNING
Cloud-based financial planning helps HALO Trust deliver greater benefit to communities affected by war Adaptive Insights, a Workday company,...
IS DATA PROTECTION AND PRIVACY RELEVANT ACROSS ALL STRATA IN INDIAN SOCIETY?
A Study by Pensaar Design With CGAP Pensaar Design has been working on a research study with CGAP to better...
THE RISE OF CHALLENGER BANKS AND HOW LEGACY BANKS ARE TRYING TO KEEP UP
Jean Van Vuuren, Regional VP for UK, Middle East and South Africa at Alfresco The finance world has been...
NEW STUDY: AI HELPS ORGANISATIONS GROW PROFITS 80 PERCENT FASTER
Global research highlights how organisations are capitalising on emerging technologies to enhance finance and operations for competitive advantage Organisations...
UK START-UPS MUST MAKE THE MOST OF A SMALL WINDOW TO CAPITALISE ON INVESTMENT OPPORTUNITIES, FOX WILLIAMS WARNS
Despite rising investment, Brexit and growing interest from tech giants could cut off start-ups’ opportunities in 2020 While a...
XPEDITION UPGRADES MORE THAN ONE MILLION OPENWORK CLIENTS TO THE DIGITAL AGE
Xpedition, leader in the implementation of cloud-based business applications, has deployed a new system which has digitally transformed the customer...
ORACLE AND MICROSOFT BRING ENTERPRISE CLOUD INTEROPERABILITY TO EUROPEAN CUSTOMERS
Today, Oracle is announcing the continued expansion of its cloud interoperability partnership with Microsoft with a new cloud interconnect location in Amsterdam....
THE EMOTIONAL AND FINANCIAL COST OF WORKING WITH OUTDATED TECHNOLOGY
Slow Tech Could Waste 24 Hours of Worktime a Year In this digital age, businesses are hugely reliant on technology...
HOW TECHNOLOGY IS FUTUREPROOFING STOCK MARKET TRADING
Tony Shaw, Executive Director, London Office and Head Sales UK & Ireland at the Swiss Stock Exchange Markets are shifting,...
REVEALED: THE TOP 10 COUNTRIES THAT ARE REDUCING THEIR RELIANCE ON OIL
Ben Lobel, Copywriter at DailyFX New tool charts global commodity trading over the last decade The UK has reduced its...
‘MOVE FAST BUT DON’T BREAK THINGS’ – WHY FINTECHS WILL COME TO LOVE REGULATION
Alex Johnson, Director of Portfolio Marketing, FICO The guiding ethos of fintech is move fast and break things. It’s...
OFFSHORE COMPANY FORMATION TACTICS FOR SMEs
James Turner, Director at company formation specialists, Turner Little Starting a business brings with it its own set of challenges,...
EMV® 3DS – PAVING THE WAY FOR SEAMLESS AUTHENTICATION
Jean Fang, Product Manager, FIME The growth of e-commerce, m-commerce and remote commerce transactions is showing no signs of...
WITHOUT C-SUITE COLLABORATION DIGITAL TRANSFORMATION IS UNLIKELY TO BE SUCCESSFUL WITHIN FINANCIAL SERVICES
By Nick Gold, founder and Chief Executive of Speaker’s Corner A path to digital transformation Mapping a clear path...
LOOKING BEYOND THE PAYMENTS PRICE TAG
Rob Straathof, CEO, Liberis In the face of tough competition, cutting costs often seems like the quickest and easiest...
MITEK SETS NEW IDENTITY VERIFICATION STANDARD WITH ONE STEP LIVENESS DETECTION
Omnichannel Liveness Detection ensures more effective, safe and simple identity verification Mitek (NASDAQ: MITK, www.miteksystems.com), a global leader in digital identity...
HOW TO MERGE YOUR FINANCES AS A COUPLE?
By Nelisiwe Ndlovu, Certified Financial Planner at Alexander Forbes There is never a good time to discuss finances with...
INTERNATIONAL BANKING NETWORK IBOS ASSOCIATION APPOINTS NEW MANAGING DIRECTOR
International banking network IBOS Association is delighted to announce the appointment of its new Managing Director, Manoj Mistry. Formerly Managing...