About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

DTCC Details Lessons Learnt and Best Practice Approaches Resulting from its Cloud Adoption Journey

Subscribe to our newsletter

DTCC has highlighted the challenges and opportunities of its cloud adoption journey in a white paper published today and designed to help financial institutions take best practice approaches to cloud implementation.

The paper, Cloud Technology: Powerful and Evolving, is authored by the company and recognises financial firms’ ongoing move to the cloud in search of efficiencies and business benefits. Its timing reflects an acceleration to cloud computing as a result of the coronavirus pandemic, although it also notes a change in the cloud proposition stating: “Initial enthusiasm for large scale transitions of entire application portfolios to the public cloud has subsided to a more practical pace amid deeper consideration of the specific requirements for individual business solutions.”

Business and regulatory issues to consider before embarking on a cloud adoption journey include:

  • State and cost of an existing solution
  • Appropriateness of cloud technology for business purposes
  • Ongoing support for data security and privacy
  • Ability of cloud technology to meet clients’ resiliency and performance demands

From a data and data management perspective, governance is key. Robert Palatnick, managing director and global head of technology research and innovation at DTCC, says: “At DTCC, any move to the cloud starts with governance processes. These are a key enabler to the cloud journey.” He notes that governance is not usually an IT responsibility, and is more likely to be the remit of control roles in areas such as risk, audit, compliance and legal.

Talking about the DTCC’s cloud adoption, Palatnick says: “We evaluated every app and associated data for cloud worthiness and whether cloud technology could support our data ratings and tier ratings for apps.”

The company’s data rating puts personal data and immediate trading data in the top tier of ‘red data’, above other ratings such as internal memos and, finally, public data. Palatnick says: “There are shades of red depending on how old data is, whether it is used in an app or archived, and how it is encrypted. This is all part of data governance.”

Classification of apps is made on the basis of how critical they are, recovery time and recovery objectives, issues that are often both business and regulatory requirements. The top tier of apps are those requiring the shortest time to recovery with as little data loss as possible. In lower tiers are processes and development environments with a longer time to recovery, but no impact on customers.

“We assess data and apps very carefully, and have moved app by app,” says Palatnick. “We have not yet moved our most critical processing, real-time clearing and settlement, to the cloud, but we are making progress.” Lessons learnt from DTCC’s cloud journey include the importance of governance and the need to engineer security as cloud vendors offer security capabilities but they must be customised to meet specific requirements.

Summing up elements of best practice, the DTCC report lists:

  • Regulated entity obligations: cloud strategy, cloud governance, proactive security controls oversight, exit strategy
  • Foundational technology capabilities: architecture, automation, on-premises cloud options, lift and shift vs. design for cloud
  • Resilience and resilience verification capabilities: failover and disaster recovery, resilience, and chaos engineering
  • Cloud vendor obligations: contractual agreement considerations, security considerations, evidence of available capacity, data localisation and privacy

As DTCC continues its cloud journey, further consideration will be given to developing applications using only cloud-ready technologies and approaches, and automation and layering of technologies to leverage cloud-hosted applications. Alerting and monitoring will continue to be core elements of resilient and secure operations, while the establishment of a principles-based, harmonised regulatory framework should better support further adoption of cloud services. Finally, the report parallels industry interest in a common lexicon of cloud terminology that could foster effective, cross-sector communication and increased understanding of regulatory requirements.

Subscribe to our newsletter

Related content

WEBINAR

Recorded Webinar: How to optimise SaaS data management solutions

Software-as-a-Service (SaaS) data management solutions go hand-in-hand with cloud technology, delivering not only SaaS benefits of agility, a reduced on-premise footprint and access to third-party expertise, but also the fast data delivery, productivity and efficiency gains provided by the cloud. This webinar will focus on the essentials of SaaS data management, including practical guidance on...

BLOG

FactSet Introduces Interactive GenAI Solution Transcript Assistant

FactSet has released its first interactive GenAI solution available in the FactSet Workstation. Called Transcript Assistant, the solution is a conversational chatbot designed to accelerate in-depth research and analysis of earnings call transcripts, and help users search, analyse, and extract valuable, actionable insights from all transcripts in FactSet with a view to improving the investment...

EVENT

RegTech Summit London

Now in its 8th year, the RegTech Summit in London will bring together the RegTech ecosystem to explore how the European capital markets financial industry can leverage technology to drive innovation, cut costs and support regulatory change.

GUIDE

Regulatory Data Handbook 2020/2021 – Eighth Edition

This eighth edition of A-Team Group’s Regulatory Data Handbook is a ‘must-have’ for capital markets participants during this period of unprecedented change. Available free of charge, it profiles every regulation that impacts capital markets data management practices giving you: A detailed overview of each regulation with key dates, data and data management implications, links to...