Opinion: The Growing Case for Cloud in Operational Risk Management

Arin Ray

High regulatory scrutiny and considerations about data security in financial services long meant that risk management wasn’t a traditional fit for cloud migration. That’s changing.

By Arin Ray

Now, cloud-based models are being adopted across the financial services value chain—even for functions that, until recently, hadn’t been part of the cloud journey, including operational risk management. One marker of this: 82% of respondents in a survey of banks agree or strongly agree that cloud-based deployment is where they’ll be in the coming five years.

Financial institutions (FIs) are demonstrating a growing desire for cloud as a way of being more open, faster, nimbler, and more easily connected with both internal and external ecosystems. The trend toward the cloud for operational risk management is being embraced by banking, insurance, capital markets, and asset and wealth management institutions.

Why now for operational risk management in the cloud?

Historically managed with on-premises solutions, operational risk management in financial services includes risk functions, such as anti-fraud, anti-money laundering (AML); cybersecurity; governance, risk, and compliance (GRC); know your customer (KYC); regulatory change management and reporting; suitability and conduct management; and trade surveillance. As cloud providers invest significantly in fortifying data security and privacy over the cloud, and expanding geographic availability, FIs show a growing (but still cautious) willingness to move these functions to the cloud.

The cloud imperative is now clearer than ever for banking and financial services, even though regulated industries such as these have lagged in the past. The pandemic drove some of this acceleration, as digitization trends ramped up, as enterprises moved to unite disparate processes and siloed operations, and FIs turned to the cloud to support collaboration among remote employees.

Other factors are also at play. FIs now recognize that the cloud can offer benefits for their infrastructure and technology, beyond the cost-optimization considerations that had long been the main focus. These include streamlined, faster deployments; easier maintenance and upgrades; and advanced analytics, artificial intelligence (AI), and machine learning (ML) techniques. As part of a trend seen over the past five years toward a modular architecture for technology stacks, FIs are embracing the building blocks that can be easily integrated and shared (e.g., across business lines, channels, products, regions of operation); breaking down silos in this manner is particularly important for risk functions, where tighter integration is necessary.

The current solutions provider landscape—rich with cloud-native innovation and value propositions that solve intractable challenges in risk and compliance—means that FIs can select risk management technology from a robust vendor ecosystem, evaluating options from startups and incumbents against in-house options. FIs are recognizing that the major cloud providers are better equipped than the FIs themselves to invest in, manage, and strengthen capabilities such as compliance, data security, privacy, and residency aspects.

Cloud use cases for operational risk management

The digital transformation journeys of FIs will depend on cloud-based models that support multiple functions in operational risk management. Cloud-based solutions are being adopted for use cases including:

  • AML: In AML, cloud favorability is particularly high in watchlist screening, as it supports faster KYC onboarding, transaction screening at scale, and multilingual text analysis. Cloud-based AML deployments offer cost advantages and ease of maintenance for small-and mid-sized FIs; larger FIs are using it for advanced analytics.
  • Anti-fraud: Cloud-based platforms help monitor cross-channel fraud, evaluating fraud risks across channels and devices. Cloud can help integrate functions including unified AML and anti-fraud operations, identity authentication and verification, and insider and enterprise fraud management.
  • Conduct: Conduct solutions to track employee sales practices, government/ corporate relationships, investments, and outside business activities. Cloud deployment supports distributed solutions to maximize engagement and use by employees and stakeholders.
  • GRC: A cloud-based GRC approach unites all operational risk management and compliance elements into a single source of truth, providing an agile, scalable, cost-effective integrated view of the FI’s risk situation. The result: an automated, centralized collection of risk assessments, enterprise-wide, and nearly real-time analyses and visualization capabilities.
  • KYC: Cloud helps centralize and support the sharing of KYC case investigation tasks and results, data and documents. Contemporary cloud-based KYC solutions support scalable advanced analytics and real-time search.
  • Regulatory change management: Managing policies and procedures and keeping them current with changing regulations have historically been clunky due to siloed systems and procedures. Cloud offers the possibility of breaking down the silos and applying automation techniques, such as AI, natural language processing, and robotic process automation, to support automated and contextual policy updates.
  • Trade surveillance: Cloud’s easy scalability and high elasticity help monitor fluctuating volumes of trades. Advanced analytics and AI can help discern complex trading patterns across asset classes, for example, and combine trade and communication surveillance.

The changing landscape of solution providers

As FIs move to embrace cloud technologies for operational risk management, they have a growing number of solutions to help with the migration. Vendors are evolving multiple types of offerings that service different risk-based focus areas. Fintech and regtech providers are launching new, innovative propositions to solve deep-rooted problems in financial services. Solutions from most new entrants have a cloud-first, if not cloud-native, approach. Concurrently, incumbent vendors are differentiating their solutions and offering new deployment options to make those solutions cloud-friendly or even cloud native.

These solution providers must also step up to help with the adoption of their offerings. This includes everything from developing an ecosystem strategy (i.e., where vendors benefit from major platform economies and the marketplaces emerging from cloud developments), support for clients moving their operational risk functions from on-premises to the cloud, and clear information about common pitfalls and success stories. 

Next steps for financial institutions

To embrace the cloud effectively, FIs can move gradually. Migrating operational risk systems is often performed after moving other critical systems to the cloud and as part of broader enterprise-wide initiatives. Some medium-sized companies that may not have organization-wide cloud strategies may still use cloud solutions, such as software-as-a-service (SaaS), for some operational risk functions. FIs, cautious to avoid vendor lock-in as they migrate to the cloud, may also consider multi-cloud strategies to match applications to the most appropriate environment(s).

As FIs strategize about their medium-to-long-term technology choices, cloud is certain to play a significant role. Today, that’s true even for the critical functions of operational risk.


Arin Ray is a former analyst with Celent’s risk practice.


Read this next

Digital Assets

Coinbase CEO says Chase UK’s ban on crypto “totally inappropriate”

Coinbase CEO Brian Armstrong criticized Chase UK’s decision to restrict cryptocurrency-related transactions in the UK. He called the move “totally inappropriate” and expressed his disagreement with the bank’s decision to ban its UK customers from conducting debit card or wire transfers related to cryptocurrencies.

Digital Assets

Binance CZ refutes any connection with CommEX

Changpeng “CZ” Zhao, the founder and CEO of Binance, has denied being the owner of CommEX, the company that reportedly acquired Binance’s business in Russia.

Institutional FX

Refinitiv’s spot FX volumes hit 8-month low

Refinitiv, the former Financial and Risk business of Thomson Reuters, today reported that the average daily volumes (ADV) of currency trading were $424 billion last month on the company’s main FX trading services.

Executive Moves

Integral hires industry veteran Paul Arnold as liquidity manager

Integral, a technology provider to the financial markets’ buy-side, has appointed Paul Arnold, a highly experienced FX industry professional, as its liquidity manager, according to information made public on his Linkedin profile.

Digital Assets

Terraform’s Do Kwon challenges US extradition request

Do Kwon, the crypto entrepreneur and former CEO of Terraform Labs, is opposing the U.S. Securities Exchange Commission’s request to question him about the crash of his company’s stablecoins Terra and Luna.

Digital Assets

Coinbase gets nod to offer futures for retail customers

Coinbase International Exchange has received regulatory approval from Bermuda’s financial regulator, the Bermuda Monetary Authority (BMA), to allow eligible non-US retail customers to trade perpetual futures contracts.

Inside View

How brokers can win the trading tech wars: Insights from iFX EXPO 2023

Last week’s iFX EXPO International 2023, held at the City of Dreams Mediterranean Integrated Resort in Limassol, Cyprus, welcomed a series of insightful discussions. A panel that particularly stood out focused on the role and evolution of trading technology.

Crypto Insider

Web3 Transformation: Radix’s Babylon Update Redefines User and Developer Engagement

Radix Publishing leaps forward in the decentralized world with the release of the Babylon mainnet upgrade, bridging the gap between innovative tech and user-friendly DeFi experiences.

Digital Assets

Crypto.com Joins Forces with PayPal and Paxos for Enhanced PYUSD Exchange Experience

Crypto.com collaborates with PayPal and Paxos to fortify its position as the premier exchange for PYUSD, marking a significant milestone in the global crypto landscape.