About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

FSB Weighs In On Risks Inherent In Cloud Adoption For Financial Service

Subscribe to our newsletter

The rapid adoption of cloud computing and data services by financial institutions could raise new implications for financial stability, warns global regulatory body the Financial Stability Board (FSB) – including a lack of transparency when it comes to legal and regulatory compliance.

A new report from the FSB released this week highlights potential issues for financial institutions that use third-party service providers, particularly in a cross-border context, noting that operational, governance and oversight considerations linked to the potential concentration of those providers could impede the ability of both institutions and regulators to assess whether a service is meeting its legal and regulatory obligations.

The appeal of cloud services is easy to see. “By creating geographically dispersed infrastructures, and investing heavily in security, cloud service providers may offer significant improvements in resilience for individual institutions,” notes the report. “They may allow institutions to scale more quickly, to deliver improved automation, and to operate more flexibly by reducing initial investment costs and freeing institutions from the replacement cycles of their own infrastructure. Cloud service providers should also benefit from economies of scale, which may result in lower costs to clients.”

Adoption is certainly on the rise. A September 2019 survey from Refinitiv on cloud adoption in financial services found that the proportion of IT budgets committed to public cloud services was up to 41% this year (from 34% in 2018), with a majority (75%) of respondents claiming that their cloud projects have delivered better-than-expected cost efficiencies.

However, the FSB identifies a number of potential risks around cloud usage – operational incidents at third-party service providers could result in temporary outages affecting financial institutions, for example, while misconfigurations of new tools could result in potential data breaches.

“There may be a reduction in the ability of FIs and authorities to assess whether the service is being delivered in line with legal and regulatory obligations and the firm’s risk tolerance due to contractual limitations on FIs’ and authorities’ rights of access, audit and information,” warns the regulator. “These legal limitations may also restrict the ability of authorities to effectively access critical data held by third parties if necessary.”

The report, which surveyed almost 300 financial institutions of varying sizes from around the world, also found that most firms tend to rely on a narrow set of major providers. And while most institutions use at least two different providers, four vendors clearly dominate the market, and were most frequently identified by users on both a regional and a global level – raising concerns around the potential implications on the financial services industry should one of them suffer large-scale operational failure or insolvency.

Finally, the report raises a number of cross-border issues in the oversight of providers and management of systemic risks. “Since the use of cloud services does not reduce the responsibility of FIs, authorities and FIs should ensure that they understand the characteristics of cloud services offered by third parties prior to any significant migration, and maintain good governance in using them,” advises the FSB.

It should be noted that at present, the FSB has determined that there are no immediate financial stability risks stemming from the use of cloud services by financial institutions. However, the report does recommend further discussion by supervisory and regulatory authorities around the usage and approach to cloud-based services.

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: Best practices for regulatory reporting

Date: 16 July 2024 Time: 10:00am ET / 3:00pm London / 4:00pm CET Duration: 50 minutes Regulatory reporting is a repetitive, time consuming and expensive business. At its best it requires robust data governance, automated data collection and reporting, standardised reporting formats, a centralised reporting system and a means to monitor and review regulatory change....

BLOG

DTIF Partners DLC Distributed Ledger Consulting to Add Crypto Risk Metrics to Digital Token Identifiers

The Digital Token Identifier Foundation (DTIF), created by Etrading Software to provide ISO standard identifiers for digital assets based on open data principles, has reached agreement with DLC Distributed Ledger Consulting to display a crypto risk metrics score on Digital Token Identifiers (DTIs) for commonly traded tokens. The metric score, combined with the DTI standard,...

EVENT

AI in Capital Markets Summit London

The AI in Capital Markets Summit will explore current and emerging trends in AI, the potential of Generative AI and LLMs and how AI can be applied for efficiencies and business value across a number of use cases, in the front and back office of financial institutions. The agenda will explore the risks and challenges of adopting AI and the foundational technologies and data management capabilities that underpin successful deployment.

GUIDE

MiFID II Handbook

As the 3 January 2018 compliance deadline for Markets in Financial Instruments Directive II (MiFID II) approaches, A-Team Group has pulled together everything you need to know about the regulation in a precise and concise handbook. The MiFID II Handbook, commissioned by Thomson Reuters, provides a guide to aspects of the regulation that will have...