Banking in the Cloud: Why Regulation Matters
- Sébastien Marotte, President of EMEA at Box
- 21.04.2022 11:30 am #banking #cloud
Earlier this year, UK financial regulators expressed their concerns over British banks’ increased dependency on a handful of cloud service providers. There is genuine fear that an outage or cyberattack on a cloud provider could severely disrupt a banking system, preventing millions of people from accessing their finances or having their financial data leaked. This has caused regulatory bodies to step up their scrutiny of cloud computing.
The Bank of England’s Prudential Regulation Authority (PRA) is exploring how it can gather more information and testimonies from cloud providers. Aiming to understand the operational resilience of their services, the PRA is considering the introduction of more robust outage and disaster recovery tests. However, experts are doubtful that cloud providers will willingly open up their operations, as they do not fall under the Bank of England’s jurisdiction.
Moreover, with the ongoing conflict in Ukraine, the financial sector has been warned that it could be a target for Russian cyberattacks in retaliation for Western sanctions. Given the increase in these types of threats across the economy, cloud service providers must work collaboratively with regulatory bodies to improve security and trust among customers.
Banking’s digital transformation
The digital transformation of the financial services sector has been an ongoing process over the past several decades, but it has not come without resistance. Many retail banking customers were slow to warm to the idea of online banking, having long expressed concerns about the demise of the physical bank branch.
However, the pandemic forced a change in these attitudes when branches shut overnight and banks moved their services entirely online. In fact, a recent survey by KPMG revealed that a fifth of people have not visited a bank branch since the pandemic began. To support this digitisation process, banks have swiftly migrated their infrastructure to the cloud. According to IDC, banks’ spending on cloud computing services is forecast to grow more than 16% a year through 2024 – compared with a 4.5% annual increase in their overall IT budgets.
But with the increased reliance on digital technology accelerated by the pandemic, there has been an exponential rise in the number of cyber threats across industries. And as an especially lucrative market, the financial services sector has been hit particularly hard by cyberattacks. According to Kroll’s Threat Landscape Report, the financial services sector is one of the most heavily targeted industries for cyberattacks, accounting for 13% of all attacks.
The potential devastation from an attack on a major bank was on show earlier this month, when American Express experienced outages across its network, causing payment issues for customers across the UK, Europe, and the US. Given this looming cybersecurity threat, regulators are rightly working with urgency to ensure that financial services providers are able to protect their customers from any threats they may face.
Grave security risks lie in legacy infrastructure
While regulators have expressed concerns about the security of certain uses of the cloud, the risk from legacy infrastructure is far higher. Accordingly, the digitisation of the financial services sector remains an urgent challenge. Many legacy banking systems have been running for more than 30 years, with an estimated £2 trillion passing through them every day. With such a large quantity of funds dependent on such complex and outdated systems, many banks have been hesitant to alter their infrastructure.
However, legacy systems are commonly left unsupported by service providers and vendors. On the rare occasions that a vendor continues to support these legacy systems, banks face huge bills from providers to keep them up and running. Not only is this costly, it is also highly ineffective, as the expertise on such legacy systems dwindles by the year.
In theory, cloud-first solutions with security built into the infrastructure should be inherently more secure. This is largely because these systems receive real-time updates and alerts, and engineering operations teams can produce patches and new features, ensuring that security vulnerabilities that arise can be fixed before any data is at risk. This flexibility and agility are built with the long term in mind, meaning cloud vendors constantly iterate on their solutions to ensure they are meeting the changing needs of their customers.
Cloud infrastructure also helps financial services institutions keep a better handle on their compliance and regulatory procedures. For instance, it allows banks to use multiple data centres in a multi-region architecture, providing the ability to fail over quickly should an attack or outage occur. For reporting, it also allows the monitoring of who has uploaded, viewed and shared content, which can help ensure compliance with data protection regulations such as GDPR.
Regulatory bodies are the solution, not the problem
The recent regulatory focus on banks’ over-dependence on a handful of cloud service providers is to be encouraged. In the current threat landscape, security and compliance must be central to every digital solution’s DNA, especially when public finance is at stake.
However, while service providers have instinctively pushed back against the proposed checks, past regulation has been shown to help improve security and customer trust in the long term. For instance, when the EU’s GDPR law was introduced in 2018, it set a precedent that the responsibility falls on businesses to protect customers’ sensitive data. Since organisations regularly gather personal data, GDPR put safeguards in place to better protect data from bad actors, as well as requiring organisations to protect the data that they gather from exploitation and misuse.
By providing people with greater control over their personal data and simplifying processes for businesses, GDPR has provided a framework for how companies should act when data breaches occur. As a result, consumer confidence increased by 62%, as people felt more in control of their data and privacy. Ultimately, the introduction of similar legislation for the cloud must be both challenged and accommodated to ensure that positive outcomes are achieved.
With a growing dependence on digital technology and the migration to the cloud, as well as the increased risk of cyberattacks, having regulations and guidance in place for financial services cloud operators to follow if a vulnerability does occur will ultimately help reinstil customer trust. When it comes to the migration to the cloud, regulation truly matters.