Embed Size (px)
Citation preview
CLOUD IN CAPITAL MARKETS
GETTING AHEAD OF TOMORROW
March 2018
NEX | CELENT 1
FOREWORD
Business and regulatory challenges continue to reshape the capital market ecosystem, altering the traditional roles played by all participants. Firms continue critical evaluation on where to compete, which clients to serve, and what business lines to grow. A key component of these decisions is optimisation of technological processes to serve the needs of capital markets – to lower capital demands, reduce cost, mitigate risk, best serve clients and ensure transparent and secure regulation.
In this paper, written by Celent (www.celent.com) in partnership with NEX (www.nex.com), a financial technology company, we make the case that the cloud will play a more central role in all aspects of capital markets. The shift from private data centres to cloud hosting will accelerate. The cloud allows all players in capital markets to create new means of offering services across geographies, clients, and products in a rapid and secure manner.
As financial institutions (FIs) assess their own capabilities against those of the cloud provider, they become more determined about the importance of this path. Yet, FIs also grapple with the new risks that the cloud might bring; the different regulatory positions across jurisdictions, the economic changes of shifting to a pay-as-you-go model, and their responsibilities for data security versus those of the cloud provider.
NEX | CELENT 2
TABLE OF CONTENTS
Foreword 1
Table of Contents 2
Introduction: The Road to the Cloud 3
Cloud Enablement 4
Cloud Impact 7
Cloud Regulation 9
Cloud Concerns 12
Cloud Future 15
Contact information 17
NEX | CELENT 3
THE ROAD TO THE CLOUD INTRODUCTION
The cloud is coming of age in capital markets. While part of an evolving process that goes back two decades, it presents a significant change to how to best use technology to serve the needs of a rapidly changing business. Financial institutions (FIs) are considering seriously how the cloud can drive innovation, agility, and competitive advantage.
In a challenging macroeconomic climate when many are struggling with competition, regulation, and service models, firms need to focus precious resources on their core business. The cloud not only provides computational power on demand but shifts capital expense (CapEx) to operational expense (OpEx) by offering tighter controls on costs, avoiding the constant cycle of buying, depreciating and disregarding hardware. Leveraging the rapid innovation of the cloud providers at their expense is a competitive advantage. It also supports the ability to rapidly adapt to changes in the technology cycle.
The concept of using an external provider to store data is not new; the previous trend was to externalise infrastructure in a data centre, either owned directly or outsourced. An extension of that concept, the cloud, is being adopted by a growing number of firms. The business case is compelling, especially in the case of ever increasing need for and use of data.
For most financial institutions, the emerging case for cloud use involves large amounts of data and significant, readily available computing power. Applications migrating to the cloud include complex risk analysis, stress testing, trading analytics, regulatory solutions, surveillance, and operations. For incumbent firms steeped in a single tenancy model, (i.e. owned or rented data-centres), a pure lift and shift approach to a multi-tenant cloud environment is a complicated journey. Adoption of the cloud calls for a new approach to working on specific solutions with key partners in financial services. However, other factors, such as changes in regulation are requiring full-scale changes to business requirements and alterations to these applications. Such changes provide an opportunity for FIs to incorporate cloud architectural mandates into their legacy infrastructure considerably increasing transparency and compressing potentially long development cycles.
Celent estimates the global annual capital markets IT spend will be $145 billion in 2018. In the next three years Celent expects capital market firms to triple workloads from traditional data centres to cloud data centres, saving the industry billions of dollars. This will all occur with rapidly decreasing latency to cloud data centres, unit compute cost drops, and an ever-evolving portfolio of available tools.
NEX | CELENT 4
CLOUD ENABLEMENT BUSINESS INNOVATION
FIs are overcoming many of today’s challenges via better and more efficient management of data. Data
is the fuel that drives improved analytics and predictive machine learning (ML). A focus on data processes allows these firms to extract value from their data via cognitive ML tools that are creating business efficiencies, customer insights and ultimately competitive advantage.
Speed and flexibility are critical to survival in the competitive capital markets business. The availability and security of cloud allows financial institutions to think more strategically about their technology and what needs to remain managed in-house. A key source of future agility will be the ease in which on-premises, co-located, and cloud solutions are interchangeable. The cloud allows in-built reproducibility, clear auditability, automated reporting, faster experimentation, greater collaboration (both within and between firms), and quicker deployments.
Intelligence Data centric, analytic and
leveraging advanced machine learning (ML).
Modularity Building components
across silos; leveraging internal and third party APIs.
Innovation Continuous development,
integrated development, automate testing software release processes. DevOps focused.
Security Fortress for customer and
business data, a wall against cyber and hacking threats.
Externalisation Strategy to
choose and grow third party partners such as cloud.
NEX | CELENT 5
The cloud and its surrounding ecosystem are rapidly evolving to add functional capabilities beyond simply providing hardware replacement. Since users are only charged for the transactions they process, FIs can scale to whatever volume is required without the burden of an ongoing server cost. For an industry that designs fixed capacity for rare volatility spikes, this is a source of huge capital savings while reducing redundant spare capacity.
What’s more, the cloud facilitates faster software development, system updates, and rapid code correction allowing firms to embrace agile practices. This is particularly valuable as client demands for data insights have moved from quarterly to real-time since the financial crisis for example, as FIs have had to be aware of their risk positions at more frequent intervals. A cloud-based infrastructure supports the migration to real-time by providing the on-demand computational power and making it easier to co-locate common utility data on which the real-time processes can operate.
CLOUD SECURITY
When it comes to security, financial institutions need to ensure they follow the best practices in methods, and technologies. This is especially critical for sensitive data and compliance processes. Leveraging state of the art security as a partner with the cloud providers reduces risk and makes sound business sense. The rising sophistication of cyber-security attacks makes it increasingly difficult for financial institutions to continue to invest in a race where winning is not rewarded but failure is front page news. The major cloud providers have invested their enormous resources to enhance security according to company released information. They are offering high levels of data encryption, advanced security protocols, and information security for FIs.
There is also the development of rigorous delineation of responsibilities that sit with the FIs and their partners and the cloud providers. In effect, FIs will continue to have to take responsibility for security of their clients’ data in the cloud. The core fortress of the cloud will be maintained by the cloud provider.
Unlike most capital-constrained FIs, cloud providers have spent billions of dollars on measures to improve security, as well as scalability, multi-jurisdictional support, and resilience. As a result, cloud providers now offer a viable way for FIs to update their IT infrastructure and improve their technical capabilities, whilst simultaneously driving efficiency and cutting costs. Cloud providers offer not only a highly secure infrastructure, but also active monitoring services to further ensure the integrity of the deployment and data. The payoff: each year, major banks, hedge funds, exchanges, brokers, and traditional asset managers are migrating more of their compute and storage to the cloud.
FIs wary of entrusting certain data to the cloud need to realistically assess their own capabilities against those of a cloud provider as the cost of information security escalates.
NEX | CELENT 6
CONTINUOUS CODE DELIVERY INNOVATION
In more than any other area, the cloud has remapped the culture and process of creating internal and customer facing applications. The ability to dynamically clone and recreate environments has readjusted the expectations for development and operations (DevOps) and has been instrumental in creating a holistic approach to software creation, release and production. Cloud driven DevOps has changed the frustratingly slow system development life cycle (SDLC) process of looping in IT infrastructure, ticket opening, patching, updating, and provisioning of hardware by shifting that process directly to software engineers and support teams. It has added to a firm’s speed of delivery by ensuring that the specifications, coding, testing, and release are undertaken in a holistic manner. By automating these processes on the cloud, and mapping the metadata associated with development, firms will benefit from systematic tracking, provisioning, and versioning. This continuous integration/delivery (CI/CD) is rapidly becoming the standard for forward-looking FIs.
FINTECH IS NATIVE TO CLOUD
Cloud has been an important driver of the recent wave of financial innovation. Nearly all fintech and regtech firms have built natively in the cloud. Many of the original decisions were based on low cost and responsive infrastructure. However, as the ecosystem has evolved, resident data and the ever-increasing number and quality of cloud tools have allowed substantial innovation in their use of analytics and machine learning.
In effect, the original drivers for many fintech firms—namely, cost (don't build an infrastructure, rent it) and agility (well, our first business plan was wrong, but we can pivot to another approach) have evolved into a new value proposition with new revenue opportunities (we have the data right now; let’s use some of the tools to extract insight).
By the same token, learning from digital cloud natives, some of the largest banks have adopted the very same approach to create a digital proving ground for new ideas and alternative business models in a new jurisdiction via cloud based proof of value (POV). A single FI’s CapEx save for sandboxing could run into the tens of millions of euros.
NEX | CELENT 7
CLOUD IMPACT DATA
The explosion of data has continued apace. Gleaning intelligence from data defines all activities in capital markets.
Getting data right is a source of strategic advantage. Data is at the core of how most C-level FI executives respond to their biggest challenges. Data organisation and optimisation is the single most important priority for capital market CTOs seeking an edge in the future. Yet at the same time as firms are moving to transparent innovation models like Open Banking, or more robust APIs, they are faced with the challenges of knowing exactly where and how their data is being utilised. A CEO who can see the whole version of the truth has a real commercial advantage.
FI’s typically operate in data silos with processes in Risk, Finance and Front Office separated. Cloud can break down these silos and provide better decision-making powers, i.e., reliable and real-time identification of risk, capital and liquidity usage as well as the ability to provide more accurate regulatory reports or management information.
In every unique collection of data, the defining topics are the same: ingestion, governance, provenance, discovery, access, analytics, resilience, and auditability. Without a methodology for each, a firm will waste considerable efforts and even find confusion on its own internal golden copy. On a counterparty or client basis, removing data confusion is a key to cutting reconciliation costs. Cloud is best placed to help solve two FI data challenges: 1. The ability of pooled utility data to be shared across FIs to improve efficiencies, (e.g. reduced need for reconciliations and reduced operational breaks as FIs using same common data set), and 2. Flexibility to power analytical processes on big data to generate insight driving revenue.
Some of the flexibility in data methodologies will emerge around location, such as the opportunity to tie data in a specific jurisdiction to compute in that jurisdiction, factoring in legal, regulatory, and operational variables. Cloud-based data views can be set to particular regions. In addition, firms can select where data is stored, as well as determine who can look at the data and what regions to avoid for data storage or transit to keep it from being seen by the wrong people or breach local regulations. Many of the public cloud suppliers provide detailed logging tools to track data use, which have not been available before.
Regulation like risk aggregation under BCBS 239 has demanded deeper insights into data location, availability, usability, and auditability. At a time when calculations are becoming more intensive, questions posed by regulators also need to be answered quickly. Cloud based solutions enhance the ability to answer data related questions thoroughly, quickly, and accurately, which has become an edge for FIs.
NEX | CELENT 8
MACHINE LEARNING & ANALYTICS
A cloud-based data focus allows machine learning (ML) to solve problems and gain insights that free up capital and improve efficiency. Big data and ML technologies are driving efficiencies in post-trade activities like reporting, compliance, and risk management.
Big data tools and analytics have gone a long way towards providing solutions for the preparation and interpretation of data. The accuracy and speed with which market players can accomplish this is a clear competitive advantage. The savviest market participants are those that can leverage the broadest and deepest data sets which enables the most complete decisions. Firms are looking for more detailed analytics, in real time, on market microstructure, broker/client engagement, and statistically based predictive analytics. ML is becoming part of the investment process; it can also become part of the process to solve problems around patterns in massive data sets.
Over the last 18 months, the power of the cloud to run ML algorithms has become apparent. On-premise solutions that try to replicate some of the native voice and data processing ML algorithms are lagging behind cloud-hosted platforms. This lag between cloud and on-premises capabilities is most obvious in the shift from post-trade and history-based analytics to pre-trade predictive analytics for trading, margin costs, settlement and operational insights. As data is collected and housed in the cloud, the ability to run pattern recognition and inference models will allow firms to not only trade better; it will empower them to find new and unforeseen opportunities in the data. For example, recognising risk patterns, predictive compliance, predictive risk, and detecting anomalies at critical points in the cycle of trading are emerging use cases that are all empowered by the infinite scalability of the cloud.
For decades, capital markets have been plagued by nearly intractable problems, such as trade date mismatches from exchange traded equities to bespoke OTC derivatives. An industry cloud solution for collecting and running algorithms would yield a new level of continuous monitoring and the opportunity for real-time correction.
The savviest market participants are those that can leverage the broadest and deepest data sets which enables the most complete decisions.
NEX | CELENT 9
CLOUD REGULATION A global stream of regulations has placed enormous pressure on FIs to improve their compliance efficiency.
THE REGULATED AND THE REGULATORS
In certain instances, global regulations require FIs to directly supervise vendors and monitor hardware down to the server level where business critical infrastructure has been outsourced. This is not possible in the cloud; therefore, many institutions assumed that regulators would not permit these services to reside in the cloud. To bypass this logical inconsistency, cloud providers have implemented advanced logging and reporting mechanisms that support detailed monitoring of applications and data systems operating in a wholly virtualised environment. This has created a level of transparency, auditability, and standardisation that the regulators are keen to see more of, allowing them to potentially obtain read-only access to the full data set – old, new and developing. This transparency is driving the regulators to see the power of cloud for their regulatory needs.
After initial skepticism about its security, some regulators are now embracing the use of Cloud. That said, they do see risks, and expect these to be managed. However, instead of drafting new rules, they are adapting existing outsourcing rules. As evidenced by the recent EBA Guidance, regulators have reasonably concluded that cloud is another form of outsourcing. For example, FI’s outsourcing to a cloud provider must maintain responsibility for all data outsourced, must have audit and access rights, have agreed controls in place for security of data and systems, and contingency and exit plans must be in place. This approach is similar across many regulatorsi globally, including the UK, US, Europe and Singapore and takes the form of rules or guidance. As in other outsourcing arrangements, accountability remains with the FI, even where there is chain outsourcing, (where the outsourcing service provider subcontracts elements of the service to other providers). One interesting point that has made its way into these discussions is the data demands for proper and holistic prudential regulation by the regulators themselves. In fact, the data demands on constrained budgets of regulatory authorities like the FCA in the UK and Self-Regulatory Organisations (SRO), like the Financial Industry Regulatory Authority (FINRA) in the US, have led to regulators working more in the cloud. As regulators have moved to the cloud, so has the industry, as much of the data will ultimately move to the cloud.
Arguably, the success of data intensive regulation like MiFID II depends on data collected by regulators. If regulators are able to take advantage of innovations in technology to receive and analyse the vast swathes of data they receive, then they will be able to monitor the markets more effectively and increase financial stability – two of the key objectives of the regulations.
NEX | CELENT 10
FINRA: REGTECH FROM THE REGULATORS
As the data and computing requirements outstripped internal capacity, FINRA was among the earliest adopters of the cloud. In the data storm of the Flash Crash, the SEC recognised the imperative of having a more rapid insight into the state of all the US exchange-traded markets in real-time. While costing this out, FINRA realised they needed a different approach, which they took with a cloud providerii.
REGULATORY VIEW OF CLOUD
Regulators are using the cloud for large data collection and to assess systemic risks at scales that were not possible in the past. They now are seeing substantial increases in the ability to leverage their data as well as use it to support regulated firms. In fact, evidence suggests that moving to the cloud has increased FINRA’s operational resilience (uptime, patch over, etc.) five-fold and estimates that it is saving $20 million annually. Following the Brexit vote in 2016, and the ensuing surge of market activity, there were no issues with processing petabytes of market data. Similarly, the UK’s FCA – an advocate of innovative, regtech approaches to regulatory challenges – is moving to a cloud-based data and analytic infrastructure for transaction reporting.
NEX | CELENT 11
CLOUD-BASED REGULATORY REPORTING
Each new regulatory demand could be solved independently. A more effective approach, however, is enlisting industry based or private data aggregators that can collect the data and normalise it. A cloud-based regulatory storage regime allows easier updating of reference and transiting data, as well as real-time updates and corrections. Built in the cloud, this allows the optimum use of harmonised data. When combined with advanced predictive analytics and ML, correct data can be used for predictions on when the likelihood of a mismatch or failure might occur, whether on the close, at month end, or specific options expiries. The collected data will better serve the industry when it is normalised and can yield real risk mitigation results at a market level. Similarly, reloading data for each analytical overlay is an inefficient and costly process.
Market participants need to report details of their Exchange and OTC derivatives across assets to a registered Trade Repository (TR). Fines for incorrect EMIR reporting signal that regulators are serious about reporting regimes. For those being regulated, solving each regulatory demand on its own is an inefficient use of resources. ESMA recently approved a TR in the cloud.
GENERAL DATA PROTECTION REGULATION (GDPR)
The General Data Protection Regulation (GDPR) harmonising 28 different European data laws is of enormous scope. Further, non-compliance can mean potential fines reaching 4% of a company’s annual revenue up to €20 million according to the European Union. It is creating a situation where firms are assessing their ability to access, process, extract, and delete data required by the regulation. Data provenance and accuracy will become critical. Flexibility and data storage, especially when specific jurisdictional requirements are in place, will cause great expense without the provision of data storage assets in that region.
GPDR creates the need for data intelligence, encompassing how a firm is:
• Ingesting and retaining data;
• Distributing, auditing, and managing the full daisy chain of data relationships.
• Rendering the data unidentifiable yet useable.
• Monitoring data changes and proof of deletion with a full audit trail.
Moving forward, a cloud offering that creates a 360-degree view of highly fragmented, disparate data sets, along with monitoring tools, will be key to every firm’s compliance with these numerous data-based regulations, and will put them at a competitive advantage.
The NEX Abide Trade Repository (NATR) uses the cloud and is hosted in the public cloud for cross asset listed and OTC derivatives EMIR reporting. The cloud path allowed NEX to innovate and offer their clients a cost-effective, scalable, and resilient data solution. Similarly, the UK’s FCA – an advocate of innovative, regtech approaches to regulatory challenges – is moving to a cloud-based data and analytic infrastructure for transaction reporting.
NEX | CELENT 12
CLOUD CONCERNS BALANCING RISK AND REWARD IN THE CLOUD
CLOUD CONCENTRATION
Many focus on the vendor risk of the cloud, either in terms of the concentration of customers on one cloud provider, or the cloud being a larger target for cyber threats. Too often, FIs think about their potential cloud risk differently than other core technology conversations around data centres, outsourcers, outsourced technology providers, or even physical networks and connectivity. Perhaps, because of the expansive product sets that the cloud providers offer and concerns around vendor lock-in. Instead, FIs need to consider the risks in a similar way – as they would any outsource relationship. Risks and responsibilities must be fully understood. Especially, the cloud providers responsibilities for managing certain risks, and those of the FIs – where one ends and the other begins.
A traditional data centre offers security through obscurity. The level of obscurity is inversely proportional to the size of the firm. In contrast, everyone knows where major cloud providers are located: at one level. The target is large, and potentially rewarding to bad actors. Of course, the cloud is not one thing but a series of logically and physically portioned servers, so one ‘hit’ would not necessarily affect all users of that cloud provider – or all data of one customer of the cloud provider. But with concerted efforts, launched against a large target such as a cloud provider, a hacker might stumble
NEX | CELENT 13
across something. While this is easily refuted, it raises ongoing questions around the responsibility of the cloud provider and those of the FIs.
DATA BREACHES
Data breaches exposing private information have been all too common recently. These are massive disruptions, destroyers of value, and a source of concern for all those impacted within the financial services industry. These incidents raise questions on the division of responsibility between FIs and the cloud provider. Data breaches also raise the question around regulation of the cloud.
Often breaches attributed to the cloud providers sit with the cloud user. The cloud providers will continue to invest to ensure computer and storage facilities are impenetrable. They will also continue to invest in regional cloud availability to ensure all jurisdictional demands for presence are met.
Clearly, the answer lies in proper usage of the cloud-InfoSec tools: encryption as if it were ones own data centre. Configuration design is required by FIs and their partners and not the cloud provider, as in the end, the FI will be accountable for any such breach. Of course, this high cost will only increase under the elevated fine regime of GDPR.
In the end, financial regulators are unlikely to regulate cloud providers, a move that would open the door to regulating technology vendors more broadly, unless the cloud provider enters a new venture and itself becomes the FI. The key will be standards on how to interact with third party providers.
Cloud vendor concentration dependencies should be mitigated by natural competition amongst cloud providers and new providers entering the market. The other factor will be the clear delineations that are emerging between the responsibilities of FIs and their partners and the cloud providers. In capital markets, FIs hold the key. In the on-boarding process, cloud providers are not taking responsibility for AML, KYC, and those responsibilities that sit with FIs.
We argue that the security of the cloud is greater than that of most, if not all, FIs. The cloud provides many tools for protection of data at rest and in transit, but in the end, the FI is responsible for the implementation of its data protocols. In the analysis of breaches for firms with cloud hosting outside of financial services, it is the firm’s responsibility and not the cloud provider’s. A firm’s approach to governance is crucial. It does, however, require a shift in core areas of investment. Cloud users will need to invest in better expertise and talent within the InfoSec areas. You cannot expect to be secure if you tape the key to your door.
NEX | CELENT 14
SO, IS THE CLOUD FOR EVERYBODY?
There will be FIs that do not go to the cloud. They will forego the growing advantages for a variety of reasons. Technology: They are heavily invested in their own infrastructure and saddled with legacy technology. The task of integrating cloud-based infrastructure and applications with banks’ existing infrastructure will be too complex. Economics: They have data centre assets or CapEx expenses that provide tax or depreciation advantages. The high initial cost of changing processes, or hiring the talent of the correct types of developers. Or, they are locked into a multi-year multibillion dollar outsource contract. Cultural: Inertia in embracing the new technology is slowing down the pace of adoption. Furthermore, embracing the cloud without an ‘on demand’ IT model can lead to high costs.
We believe that in the near future these challenges may outweigh the objections. Clearly, a fintech startup can make cloud leverage look easy. For those with a multitude of systems developed over decades, with large capital investment in infrastructure, and gained through acquisition, transitioning to the cloud may be more challenging. Still, established FIs need to have a cloud strategy as they develop new applications, technology sunsets, and end of contract data centre discussions. Some FIs are taking incremental steps on to the cloud by leveraging fintechs and core partners in capital markets that are already up and running.
NEX | CELENT 15
CLOUD FUTURE
CLOUD IS COMPELLING
The cloud will play a more central role in all aspects of capital markets. The shift from private data centres to cloud storage will accelerate. Perhaps more than anything, the cloud is allowing all players in capital markets to create new means of offering services across geographies, clients, and products in a rapid and secure manner.
With increasing cost pressure and exploding data volumes, we see an industry shift towards more flexible infrastructure in capital markets. Digitisation of newer asset classes and addition of new information systems will accelerate this trend. The challenge for established technology firms and market operators will be to find the correct means of collaborating with new business models and innovative technologies.
NEX | CELENT 16
CONCLUSIONS FOR TODAY, PREDICTIONS FOR TOMORROW
❖ Regulators will not impose regulations on cloud providers, but will work with industry to define common minimum standards and will require FIs to be comfortable that they can oversee the outsourced relationships effectively.
❖ As data becomes more accessible and useable, FIs go beyond developing compliance solutions and move to lowering costs, creating new products and providing a better, more accurate service for end customers.
❖ Traditional T+1 processes will move towards operating in real-time. This will allow intra-day risk decisions to be made, facilitating the optimisation of scarce capital.
❖ The cloud requires different fundamental thinking about business and technology costs. By shifting of core investment areas within technology and operations, the disappearance of CapEx in this area will compel most to consider cloud. The five-year cycle of new CapEx based IT investment in capital markets will end.
❖ Many firms will spend more than they predicted when they first switch over to cloud. IT teams must have strict controls in place to ensure they only pay for the services they need, not every service on offer and Finance must be aware that ‘pay-as-you-go’ and ‘use what you need’ is hard to budget for.
❖ The removal of technology infrastructure from balance sheet will continue to free up scarce capital for revenue generation.
❖ Cloud future proofs sudden radical shifts in the business needs.
❖ Regulators will be looking for a clear picture of the shared responsibilities and delineation between cloud providers and financial institutions and their partners, including where chain outsourcing is present.
❖ The industry will work towards best practices and standards. Cloud remaps responsibility but does not outsource certain liabilities or accountability.
❖ FIs will re-assess the way they protect against cyber-attacks. Cloud providers have demonstrated that, with the right partnership and approaches, they can provide state of the art security infrastructure to financial institutions at a lower cost.
❖ Fintech firms can and will leverage the benefits of cloud sooner than incumbent firms, and in the short to medium term will reap the rewards.
❖ Fixed-cost, long-term deals for infrastructure provision will become a thing of the past in short order.
NEX | CELENT 17
CONTACT INFORMATION
Michelle Hallett Regulatory Affairs Director NEX 2 Broadgate, London, EC2M 7UR [email protected] www.nex.com
Brad Bailey Research Director Celent, A Division of Oliver Wyman Phone +1 609 520 2557 Mobile +1 415 653 9387 [email protected] www.celent.com
i FG 16/5 – Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services (FCA, July 2016); E.g. OCC Third Party Relationships – Risk Management Guidance Oct. 30, 2013, FFIEC IT Subcommittee; Outsourced Cloud Computing, July 10, 2012; Recommendations on outsourcing to cloud service providers, (EBA, December 2017) Guidelines on Outsourcing Risk Management (Introduces Guidance on Cloud Services) MAS, July 2016)
ii https://www.finra.org/investors/how-cloud-changing-financial-regulation; https://aws.amazon.com/solutions/case-studies/finra/
