Financial services and cloud: Delivering digital transformation in a highly regulated industry

The financial services community has gone from being one of the least likely sectors to adopt cloud to becoming one of its keenest users, as regulator attitudes to using the technology have become more accommodating

This article can also be found in the Premium Editorial Download: Computer Weekly: The £1bn IT plan to modernise UK railways

The financial services industry has undergone a sizeable image change over the past decade or so when it comes to how its appetite for digital transformation is perceived.

For a long time, it was assumed that the onerous – yet necessary – regulatory landscape in which the sector operates would make moving to the cloud almost impossible for financial services companies to do so in a wholesale sense.

Financial data is just too valuable and sensitive to move off-premise and entrust to the public cloud. Meanwhile, the legacy mainframes, monolithic applications and paper-based process they rely on to keep the economy ticking over are tried, tested and true.

But legacy technology was also fallible, inflexible, and costly to run, and made it difficult for banks to respond to market changes or roll out new services to customers in a timely way.

This left the market not only ripe for disruption from new entrants, but also in dire need of some large-scale digital transformation, says Sacha Labourey, CEO and co-founder of continuous integration software supplier CloudBees. It just took the industry a little while to appreciate the bind it was in, he says.

“When we started CloudBees back in 2010, one of the things I did was visit Wall Street and talk about public cloud and how it could bring velocity to the banks and they really thought that was cute,” says Labourey. “I had no clue what it involved to be a bank, obviously, and so for years they had this wall of reasons why cloud could never be an option.”

Regulations as a barrier to change

The regulatory environment in which the financial services industry operates was the major blocker, and caused many organisations to “hide behind compliance” to avoid using cloud, he says.

But over the past decade, a couple of notable developments have helped to diminish how much of a block to digital transformation red tape and compliance requirements really are.

Chief among them is the publication, in 2016, of the Financial Conduct Authority’s (FCA’s) cloud guidance, which many consider to be a pivotal moment in the industry’s evolving relationship with cloud and other assorted digital transformation techniques.

A number of financial services organisations already had small pockets of cloud use emerging at the time, but the FCA guidance effectively provided a stamp of approval that using cloud was fine to do.

Particularly as it states that Cloud services are safe to use, provided they are deployed with “appropriate consideration” to where their cloud-hosted data will be stored.

From that point on, there was a marked ramp-up in the pace of cloud adoption within the financial services sector, particularly as it also coincided with other regulatory and market developments that would create an environment for cloud use to thrive.

“A combination of three important developments all coming into play at the same time have made financial services embrace the cloud,” says Mark Davies, ex-Deloitte partner and chairman of professional services firm Grovelands.

“It’s so easy to make a sweeping statement and say we can’t do this because of regulators and compliance”
Mark Davies, Grovelands

“Firstly, once it was proved that cloud was being widely used and was effective across other industries, then financial services could no longer ignore it. Secondly, the IT risk functions became more adept at managing the risks. And thirdly, the regulators simply got more comfortable with cloud.”

Not just the FCA, says Davies, but also the Bank of England’s Prudential Regulation Authority, and the Information Commissioner’s Office.

As a result, began to spread across the industry that innovation is possible in the financial services space without firms falling foul of regulators, says Richard Dalton, a digital platform DevOps engineer at HSBC.

“It’s so easy to make a sweeping statement and say we can’t do this because of regulators and compliance,” he says.

But it is possible, as long as organisations take a more granular view of the regulations they need to operate within, and of the products and services they want to transform digitally.

For example, the regulations governing how a bank’s general ledger operates will be stricter and more onerous than those dictating how the company’s public-facing website should be run, and organisations have to tailor their approach accordingly. 

“You have to break it down and understand the risk of your individual product,” says Dalton, while being brutally honest about how much value modernising their IT estate is likely to bring.

“Are you going to gain value by re-architecting it in a cloud-native way?” he adds. “Will that bring value? If not, don’t do it.

“And if it will, is it worth the risk? Or is it more of a risk to have a monolithic application that is difficult to update, versus having easily deployable microservices in the cloud, which can be deployed on demand and are much easier to update from a security perspective and add functionality, too.”

Financial services firms going all-in on cloud

It is perhaps no coincidence that since the FCA guidance emerged, a number of household names from the banking sector, including Barclays, Nationwide and HSBC, have made public commitments to move at least part of their IT infrastructure to the cloud.

HSBC has adopted a multicloud strategy, encompassing technologies from Amazon Web Services (AWS), Google Cloud and Microsoft Azure to acknowledge the fact that some applications and workloads are better suited to one environment than the other, says Dalton.

“It makes sense in terms of spreading out the risk from the point of view of resiliency and cloud portability, as well as transformation and DevOps,” he adds.

Indeed, the move to cloud for many financial services firms has gone hand-in-hand with the adoption of new ways of working within their organisations that prioritise agile practices, and encourage organisations to leave waterfall software development processes in the past.

And all this work is being undertaken in acknowledgement of the fact that it is the software and applications they can offer their customers that will provide the biggest point of competitive difference between them all, says Cloudbees’ Labourey. “There is a clear understanding now in the financial industries that software is super-important and critical to their success,” he adds.

Cloud-powered challenger banks

But it is not just the incumbents of the financial services industry that regulatory support has emboldened when it comes to moving to the cloud.

In the wake of the 2016 FCA regulations, a new generation of digitally focused challenger banks emerged, such as Monzo, Tandem and Starling, that are putting even more pressure on the legacy providers to get their digital transformation plans sorted.

“You just need a couple of good developers and some good funding to start challenging the establishment,” says Labourey. “That is a simplified view, but a lot of the challenger companies are trying to seize one part of the business – either low-margin or high-margin bits of the legacy banks’ business.

“For the bigger institutions, it means they are under attack from many pillars. So maybe none of them seem like a huge threat on their own, but all of them combined present a huge challenge.”

Particularly as the smaller, newer challenger banks are unlikely to be under the same legacy technology and red tape burdens as their older, more established counterparts, which can give them a significant advantage when it comes to their own digital transformation plans.

How Tandem tackles transformation

That is certainly true in the case of Tandem Bank, which predominantly specialises in providing credit card services and savings accounts, after acquiring its banking licence in early 2018 through its takeover of Harrods Bank.

The company has seen a rapid rise since then in the number of customers signed up to use its services, from about 21,000 at the time of the takeover to 500,000 today, and it has designs on launching its own current accounts in due course.

“Before the migration, the on-premise infrastructure was beginning to struggle,” says Difa Niculescu, IT director at Tandem Bank. “As we grew and scaled our environments, we could tell that the current setups are really starting to strain in terms of our ability to scale them, and it would have meant quite drastic alterations being made to the on-premise infrastructure to deal with customer demand.

“When we discussed how we wanted to scale the business, to drive for customer demand, be able to innovate, change rapidly and release [new software] features faster, we decided that cloud was our best opportunity to do that.”

To ensure it has the compute capacity to not only expand the range of services it provides, but also cope with the uptick in user numbers that it continues to see, Tandem selected the Amazon Web Services (AWS) public cloud as its migration destination of choice.

“We are very much iterating and cloud is enabling us to offer more”
Difa Niculescu, Tandem Bank

The switchover was about 10 months in the , as the organisation laid the groundwork with AWS partner NordCloud to move out of the managed, on-premise datacentre previously used to host its main banking app.

“The most difficult part of what was a 10-month programme of work was that we were working to transform the current application, which was manually built, on-premise, and converting that into infrastructure as code,” says Niculescu.

“So we essentially took what would be manually-built environments that would usually take us weeks and months and numerous contract amendments to essentially grow and scale environments,  and transformed it so that we could do them within the day – but now we can do all of this within 40 minutes, roughly.”

The preparatory work also saw Tandem embark on a machine learning proof of concept with AWS, so that it could elements of personalisation into its flagship app. Moving it from the on-premise hosting environment to the AWS cloud took place over a single evening, says Niculescu.

With its move to the cloud now complete, Tandem is focusing on drawing on the capabilities that cloud gives the company to add even more functionality to its app, as quickly as its customers demand it.

This will be made possible by reworking the application’s monolithic architecture to embrace microservices, along with container and serverless technologies, says Niculescu.

“We are very much iterating and cloud is enabling us to offer more,” he says. “That means more product features to the customers, delivered using a reliable, repeatable and scalable infrastructure.”

Read more about cloud migrations within the financial services market

As mentioned above, combining a move to the cloud with the adoption of more agile ways of working is proving critical for banks that, for scale and legacy technology reasons, may find it difficult to remain one step ahead of current competitive threats, says HSBC’s Dalton.

It is also enabling banks to create efficiencies within their organisations, which is also critical given the longstanding lull in interest rates that firms across the financial services sector have been operating with for some time now.

“Being able to deploy software faster and more regularly is key to positioning yourself in the market and positioning the organisation to pivot on change, certainly when an organisation is operating in unpredictable and volatile situations,” says Dalton. “That ability is what positions you for the future.”

Protect and innovate

And having that capability becomes even more critical for an organisation the size of HSBC, for example, which needs to protect and innovate within the existing parts of its business to stay ahead of new competitive threats, while at the same time having capacity to expand into new areas.

“It is important that you are agile enough to not only compete with the rich feature sets, but also the demand from younger generations to do everything in the palm of your hand and potentially not set foot in a bank branch,” says Dalton.

“Equally, though, there has been a big push recently to add value in branches and deploy more technology in terms of helping people as they walk through the doors. We are seeing a lot of investment in that across the sector.”

It is fair to assume that meeting the needs of customers that prefer online to face-to-face banking, and vice versa, will remain a balancing act for almost all the incumbents in the banking sector for a long time to come.

Meanwhile, the sector’s (relative) newcomers continue with their efforts to hive off customers on a service-by-service basis, and live up to their “challenger” reputations by daring to approach banking in new and disruptive ways.

It almost goes without saying that cloud is likely to play an important part in however the incumbents and the challenger banks decide is the best way to tackle their respective market challenges.

Read more on Infrastructure-as-a-Service (IaaS)