Financial technology research and advisory company Celent published a report in October titled “Cloud-Enabled Governance, Risk, and Compliance Solutions.” Written by research directors Neil Katkov and Cubillas Ding, the report is based on the authors’ study, sponsored by Amazon Web Services, which examined the potential for GRC in the ever increasing number of services moving to the cloud.
The report contends GRC in financial services is at a crossroads. Legacy systems in this arena are failing commercial banks that have moved to more cutting edge solutions for other operations. And like many of those, the services have become cloud based.
“The cloud sits at the center of all major trends today in financial services: cost reduction, focus on core business, automation, operational efficiency, data primacy, analytics, and machine learning,” the report reads. “Cloud-based models have transformed the financial industry across lines of business and operational areas. Solution providers are accordingly utilizing the cloud to create new models for risk and operations.”
A major thrust of the report relies on the idea that regulation technology – or regtech – simply must keep up with financial technology or risk becoming unreliable and, therefore, potentially harmful to a bank. The lines between financial and operational risk are becoming blurred, according to the report. Data has become an important source of strategic advantage and “needs are emerging for data governance frameworks, data monitoring for audit purposes, and data management reporting to fulfill regulations.”
What’s the solution to speed up regtech? In what has become a typical refrain, it’s the cloud and it’s already happening. The report points out that banks of all sizes, whether IT is in-house or third party, are starting to engage cloud solutions to meet regulatory demand at top speed.
BankBeat asked the report’s co-author, San Francisco-based Katkov, some questions about how community banks might approach the changing landscape of regtech.
BankBeat: What sort of path might a small bank pursue to take advantage of cloud tech for governance but keep it within budget? Is there a certain size of institution that will benefit mostly from this tech and why?
Neil Katkov: For banks under $500 million or even $100 million in assets, selecting a software as a service-based solution would be the lightest route to cloud enablement. The threshold for what we might call full-fledged cloud-based risk solutions that support risk calculations, monitoring, and reporting in the cloud is not high: A bank large enough to have an in-house risk team is large enough to benefit from cloud-based risk and governance software.
BankBeat: What are some of the ongoing or unresolved security issues that come with cloud platforms like this for banks and how best are the threats mitigated?
N.K. The security of commercial cloud platforms [such as Amazon, Azure, Google, IBM] is arguably stronger than that of many banks, large or small. Vendor software deployed on the cloud is secured by two entities, the commercial cloud provider and the vendor. Nevertheless, ideally even a small bank would perform due diligence while selecting the software vendor and the cloud platform provider, as well as monitor their cloud deployment on an ongoing basis, just as they would with any outsourcing arrangement.
BankBeat: If I’m a banker on the fence about adopting this sort of regtech, what sort of argument might you make to persuade me?
N.K. Cloud-based software can be set up much more quickly and typically at lower cost, flexibly supports multiple lines of business or geographies, scales easily as banks grow, and can be run with a lighter in-house IT team. Most fundamentally, though, commercial cloud platforms enable regtech solutions that leverage advanced technologies (unstructured data analysis, machine learning, AI) and open APIs to deliver seamless, next-generation capabilities.
BankBeat: Conversely, if I’m all on board with making this tech a part of the operation, what words of caution might you offer?
N.K. Stay in communication with your regulators as you move to cloud-based solutions for risk and compliance. This is new technology and banks will want to ensure that regulators are on board with it. Select white box solutions that can be transparently audited both internally and by regulators [not black box solutions].
BankBeat: Anything else about this technology you think would be of interest to community bankers?
N.K. Much of the activity in regtech is focused on Anti-Money Laundering and Know Your Customer compliance. Incumbent AML/KYC software providers often offer their solutions on the cloud, including to small banks; and a fast-growing number of regtech startups are providing cloud-native AML/KYC solutions.