About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

DTCC Details Lessons Learnt and Best Practice Approaches Resulting from its Cloud Adoption Journey

Subscribe to our newsletter

DTCC has highlighted the challenges and opportunities of its cloud adoption journey in a white paper published today and designed to help financial institutions take best practice approaches to cloud implementation.

The paper, Cloud Technology: Powerful and Evolving, is authored by the company and recognises financial firms’ ongoing move to the cloud in search of efficiencies and business benefits. Its timing reflects an acceleration to cloud computing as a result of the coronavirus pandemic, although it also notes a change in the cloud proposition stating: “Initial enthusiasm for large scale transitions of entire application portfolios to the public cloud has subsided to a more practical pace amid deeper consideration of the specific requirements for individual business solutions.”

Business and regulatory issues to consider before embarking on a cloud adoption journey include:

  • State and cost of an existing solution
  • Appropriateness of cloud technology for business purposes
  • Ongoing support for data security and privacy
  • Ability of cloud technology to meet clients’ resiliency and performance demands

From a data and data management perspective, governance is key. Robert Palatnick, managing director and global head of technology research and innovation at DTCC, says: “At DTCC, any move to the cloud starts with governance processes. These are a key enabler to the cloud journey.” He notes that governance is not usually an IT responsibility, and is more likely to be the remit of control roles in areas such as risk, audit, compliance and legal.

Talking about the DTCC’s cloud adoption, Palatnick says: “We evaluated every app and associated data for cloud worthiness and whether cloud technology could support our data ratings and tier ratings for apps.”

The company’s data rating puts personal data and immediate trading data in the top tier of ‘red data’, above other ratings such as internal memos and, finally, public data. Palatnick says: “There are shades of red depending on how old data is, whether it is used in an app or archived, and how it is encrypted. This is all part of data governance.”

Classification of apps is made on the basis of how critical they are, recovery time and recovery objectives, issues that are often both business and regulatory requirements. The top tier of apps are those requiring the shortest time to recovery with as little data loss as possible. In lower tiers are processes and development environments with a longer time to recovery, but no impact on customers.

“We assess data and apps very carefully, and have moved app by app,” says Palatnick. “We have not yet moved our most critical processing, real-time clearing and settlement, to the cloud, but we are making progress.” Lessons learnt from DTCC’s cloud journey include the importance of governance and the need to engineer security as cloud vendors offer security capabilities but they must be customised to meet specific requirements.

Summing up elements of best practice, the DTCC report lists:

  • Regulated entity obligations: cloud strategy, cloud governance, proactive security controls oversight, exit strategy
  • Foundational technology capabilities: architecture, automation, on-premises cloud options, lift and shift vs. design for cloud
  • Resilience and resilience verification capabilities: failover and disaster recovery, resilience, and chaos engineering
  • Cloud vendor obligations: contractual agreement considerations, security considerations, evidence of available capacity, data localisation and privacy

As DTCC continues its cloud journey, further consideration will be given to developing applications using only cloud-ready technologies and approaches, and automation and layering of technologies to leverage cloud-hosted applications. Alerting and monitoring will continue to be core elements of resilient and secure operations, while the establishment of a principles-based, harmonised regulatory framework should better support further adoption of cloud services. Finally, the report parallels industry interest in a common lexicon of cloud terminology that could foster effective, cross-sector communication and increased understanding of regulatory requirements.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: Modernising Data Infrastructures: Challenges and opportunities of managing complex financial data and analytics in hybrid and multi-cloud environments

As they forge ahead with their digital transformation programs, financial institutions are finding that the internal platforms they use to manage complex data sets for trading, investment, risk, and compliance are no longer fit for purpose. The ongoing shift toward cloud hosting is forcing practitioners to manage the transition from deeply entrenched legacy platforms to...

BLOG

Machine-Executable Regulations Promise Improved Data Quality and Efficiency in Reporting

Ensuring data quality for regulatory reporting is an ongoing headache for many financial institutions, but solutions that could ease the pain are emerging. We talk to Sassan Danesh, a member of the Derivatives Service Bureau (DSB) management team, about approaches to regulatory data quality issues using machine-executable validation rules ahead of his keynote at next...

EVENT

A-Team Innovation Briefing: Innovation in Cloud

This Innovation Briefing will explore approaches to data infrastructure transformation, technologies required and how to make sure processes are optimised to support real time data management. Hear from leading practitioners and innovative technology solution providers who will share insight into how to set up and leverage your data infrastructure to provide user access to consistent data and analytics, and companies the ability to monetise their data.

GUIDE

ESG Data Handbook 2022

The ESG landscape is changing faster than anyone could have imagined even five years ago. With tens of trillions of dollars expected to have been committed to sustainable assets by the end of the decade, it’s never been more important for financial institutions of all sizes to stay abreast of changes in the ESG data...