The rapidly evolving role of the cloud within trading operations at financial services organizations was one of the key themes of TradingTech Summit 2020, an A-Team Group event, held in London in late February. Over the course of the day, speakers addressed a wide range of aspects of cloud usage within the overall technology infrastructure of a firm. Overall, it seems that the cloud is beginning to be seen as having an important part to play, although there are still challenges to be resolved.
Understanding the use cases
To begin with, speakers talked about the types of use cases that the cloud was suited for today. “The infrastructure landscape is fundamentally changing,” says Donal Byrne, chief technology officer at Pico, in his keynote presentation. “While the high end of electronic trading is still very much about custom infrastructure – very, very, very targeted technologies – that is fundamentally changing going forward, for a proportion of their trading infrastructure.” Firms will continue to use all of the approaches that they currently use to impact trade outcome in terms of speed, price, scale and agility, he says. However, the cloud has an increasing role to play, and the future of trading includes “the AI trader, and he or she is only getting started.”
In fact, according to a recent survey by JP Morgan, 71% of traders believe that artificial intelligence and machine learning provide deep data analytics for their daily trading activity; 66% of traders believe that artificial intelligence and machine learning optimizes trade execution; and 58% of traders believe that artificial intelligence and machine learning represents an opportunity to hone their trading decisions, says Byrne. He adds, “There is almost no client that I engage with that doesn’t have an AI, machine learning or data science team that is in play.”
However, no matter how exciting the idea of using the cloud to support innovation is, the cloud also has a range of potential applications for existing use cases, too. When it comes to these, there isn’t a “one size fits all” approach to the cloud for the industry – most firms will look at the way they engage with cloud computing across three aspects, says Steve Hewson, global head of product and technology at Fixnetix. These are distribution of data, high performance computing, and the type of cloud environment, including both public and private cloud. He adds, “I think one thing everybody will agree on is that a hybrid-type of cloud environment is probably where the industry will sit most. Firms will decide what they need based on the profile of their performance, cost, security, and the technology needed for different workloads and the ability to move them across the stacks.”
Addressing important issues
While there is significant opportunity for using the cloud within firms, speakers also noted that there are hurdles to overcome. One big issue is the surge in regulatory interest around the cloud, which regulators are viewing as a way of outsourcing infrastructure. A wide range of supervisory documents have been published over the past few months on this topic, with particular focus on cybersecurity and operational resilience. Regulators are seeking more information about what firms are using the cloud for, and are beginning to ask for data governance processes around information stored in the cloud, as well as model governance for AI and machine learning approaches that are cloud-based, as well.
Although firms can often feel that this plethora of rules is daunting, it can help to step back and see the regulatory interest in context, said one speaker. Since the global financial crisis, regulators are trying to address trust, says Gary Paulin, global head of integrated trading solutions at Northern Trust Capital Markets. So, regulators are focusing on ensuring there is transparency, fairness and accountability – all cornerstones of good governance – within cloud arrangements. He adds, “operational resilience is critical. And of course you cannot outsource that as a client, you have to deliver it. So, it’s important to ensure that your vendor has really robust operational resilience.”
As a result of these regulatory concerns and compliance demands around the cloud, boards and senior managers are keen to ensure any cloud deployments do not push a firm beyond its risk appetite, and that sufficient controls are in place, says Ashok Kalyanswamy, CIO at Saxo Bank. Adds Rachel Przybylski, head of regulatory quality assurance, trading platforms and core technology at Man Group: “I think we can all appreciate that it is important to keep at the forefront of our minds how the regulators think about risk and governance’ when designing a cloud strategy.” Kalyanswamy adds that a good first step that is important to take is to “demystify” the cloud for all stakeholders – it is desirable to work with the cloud provider to achieve this internally.
Cloud providers are working to address these regulatory demands, to support their financial services clients. For example, speakers said they thought that a lot of the tools offered by public cloud and by managed service providers (MSPs) offer the transparency that’s needed by the board and the management team in response to regulatory demands. In some ways, speakers noted, such offerings can be easier to manage than on-premises configurations. It can be more direct to hold the service provider to account were a configuration to deviate from what has been contracted, and some providers now offer configurations that “self-heal”.
Security is another area where regulators are putting a lot of focus, but the solution here doesn’t just sit with the cloud providers, speakers said. They noted that while Google and other cloud providers are very secure, firms need to realize that they are responsible for securing what they deploy. Says Will Winzor-Saile, execution analytics and architecture at Redburn, “What you have to keep in mind is that you are still moving data about, you are still using different providers in different situations, and even if their default position can be very secure and very compliant, that doesn’t mean that your particular implementation of it is.”