Opinion: The Growing Case for Cloud in Operational Risk Management
High regulatory scrutiny and considerations about data security in financial services long meant that risk management wasn’t a traditional fit for cloud migration. That’s changing.
By Arin Ray
Now, cloud-based models are being adopted across the financial services value chain—even for functions that, until recently, hadn’t been part of the cloud journey, including operational risk management. One marker of this: 82% of respondents in a survey of banks agree or strongly agree that cloud-based deployment is where they’ll be in the coming five years.
Financial institutions (FIs) are demonstrating a growing desire for cloud as a way of being more open, faster, nimbler, and more easily connected with both internal and external ecosystems. The trend toward the cloud for operational risk management is being embraced by banking, insurance, capital markets, and asset and wealth management institutions.
Why now for operational risk management in the cloud?
Historically managed with on-premises solutions, operational risk management in financial services includes risk functions, such as anti-fraud, anti-money laundering (AML); cybersecurity; governance, risk, and compliance (GRC); know your customer (KYC); regulatory change management and reporting; suitability and conduct management; and trade surveillance. As cloud providers invest significantly in fortifying data security and privacy over the cloud, and expanding geographic availability, FIs show a growing (but still cautious) willingness to move these functions to the cloud.
The cloud imperative is now clearer than ever for banking and financial services, even though regulated industries such as these have lagged in the past. The pandemic drove some of this acceleration, as digitization trends ramped up, as enterprises moved to unite disparate processes and siloed operations, and FIs turned to the cloud to support collaboration among remote employees.
Other factors are also at play. FIs now recognize that the cloud can offer benefits for their infrastructure and technology, beyond the cost-optimization considerations that had long been the main focus. These include streamlined, faster deployments; easier maintenance and upgrades; and advanced analytics, artificial intelligence (AI), and machine learning (ML) techniques. As part of a trend seen over the past five years toward a modular architecture for technology stacks, FIs are embracing the building blocks that can be easily integrated and shared (e.g., across business lines, channels, products, regions of operation); breaking down silos in this manner is particularly important for risk functions, where tighter integration is necessary.
The current solutions provider landscape—rich with cloud-native innovation and value propositions that solve intractable challenges in risk and compliance—means that FIs can select risk management technology from a robust vendor ecosystem, evaluating options from startups and incumbents against in-house options. FIs are recognizing that the major cloud providers are better equipped than the FIs themselves to invest in, manage, and strengthen capabilities such as compliance, data security, privacy, and residency aspects.
Cloud use cases for operational risk management
The digital transformation journeys of FIs will depend on cloud-based models that support multiple functions in operational risk management. Cloud-based solutions are being adopted for use cases including:
- AML: In AML, cloud favorability is particularly high in watchlist screening, as it supports faster KYC onboarding, transaction screening at scale, and multilingual text analysis. Cloud-based AML deployments offer cost advantages and ease of maintenance for small-and mid-sized FIs; larger FIs are using it for advanced analytics.
- Anti-fraud: Cloud-based platforms help monitor cross-channel fraud, evaluating fraud risks across channels and devices. Cloud can help integrate functions including unified AML and anti-fraud operations, identity authentication and verification, and insider and enterprise fraud management.
- Conduct: Conduct solutions to track employee sales practices, government/ corporate relationships, investments, and outside business activities. Cloud deployment supports distributed solutions to maximize engagement and use by employees and stakeholders.
- GRC: A cloud-based GRC approach unites all operational risk management and compliance elements into a single source of truth, providing an agile, scalable, cost-effective integrated view of the FI’s risk situation. The result: an automated, centralized collection of risk assessments, enterprise-wide, and nearly real-time analyses and visualization capabilities.
- KYC: Cloud helps centralize and support the sharing of KYC case investigation tasks and results, data and documents. Contemporary cloud-based KYC solutions support scalable advanced analytics and real-time search.
- Regulatory change management: Managing policies and procedures and keeping them current with changing regulations have historically been clunky due to siloed systems and procedures. Cloud offers the possibility of breaking down the silos and applying automation techniques, such as AI, natural language processing, and robotic process automation, to support automated and contextual policy updates.
- Trade surveillance: Cloud’s easy scalability and high elasticity help monitor fluctuating volumes of trades. Advanced analytics and AI can help discern complex trading patterns across asset classes, for example, and combine trade and communication surveillance.
The changing landscape of solution providers
As FIs move to embrace cloud technologies for operational risk management, they have a growing number of solutions to help with the migration. Vendors are evolving multiple types of offerings that service different risk-based focus areas. Fintech and regtech providers are launching new, innovative propositions to solve deep-rooted problems in financial services. Solutions from most new entrants have a cloud-first, if not cloud-native, approach. Concurrently, incumbent vendors are differentiating their solutions and offering new deployment options to make those solutions cloud-friendly or even cloud native.
These solution providers must also step up to help with the adoption of their offerings. This includes everything from developing an ecosystem strategy (i.e., where vendors benefit from major platform economies and the marketplaces emerging from cloud developments), support for clients moving their operational risk functions from on-premises to the cloud, and clear information about common pitfalls and success stories.
Next steps for financial institutions
To embrace the cloud effectively, FIs can move gradually. Migrating operational risk systems is often performed after moving other critical systems to the cloud and as part of broader enterprise-wide initiatives. Some medium-sized companies that may not have organization-wide cloud strategies may still use cloud solutions, such as software-as-a-service (SaaS), for some operational risk functions. FIs, cautious to avoid vendor lock-in as they migrate to the cloud, may also consider multi-cloud strategies to match applications to the most appropriate environment(s).
As FIs strategize about their medium-to-long-term technology choices, cloud is certain to play a significant role. Today, that’s true even for the critical functions of operational risk.
Arin Ray is a former analyst with Celent’s risk practice.