Opinion: The Growing Case for Cloud in Operational Risk Management

Arin Ray

High regulatory scrutiny and considerations about data security in financial services long meant that risk management wasn’t a traditional fit for cloud migration. That’s changing.

By Arin Ray

Now, cloud-based models are being adopted across the financial services value chain—even for functions that, until recently, hadn’t been part of the cloud journey, including operational risk management. One marker of this: 82% of respondents in a survey of banks agree or strongly agree that cloud-based deployment is where they’ll be in the coming five years.

Financial institutions (FIs) are demonstrating a growing desire for cloud as a way of being more open, faster, nimbler, and more easily connected with both internal and external ecosystems. The trend toward the cloud for operational risk management is being embraced by banking, insurance, capital markets, and asset and wealth management institutions.

Why now for operational risk management in the cloud?

Historically managed with on-premises solutions, operational risk management in financial services includes risk functions, such as anti-fraud, anti-money laundering (AML); cybersecurity; governance, risk, and compliance (GRC); know your customer (KYC); regulatory change management and reporting; suitability and conduct management; and trade surveillance. As cloud providers invest significantly in fortifying data security and privacy over the cloud, and expanding geographic availability, FIs show a growing (but still cautious) willingness to move these functions to the cloud.

The cloud imperative is now clearer than ever for banking and financial services, even though regulated industries such as these have lagged in the past. The pandemic drove some of this acceleration, as digitization trends ramped up, as enterprises moved to unite disparate processes and siloed operations, and FIs turned to the cloud to support collaboration among remote employees.

Other factors are also at play. FIs now recognize that the cloud can offer benefits for their infrastructure and technology, beyond the cost-optimization considerations that had long been the main focus. These include streamlined, faster deployments; easier maintenance and upgrades; and advanced analytics, artificial intelligence (AI), and machine learning (ML) techniques. As part of a trend seen over the past five years toward a modular architecture for technology stacks, FIs are embracing the building blocks that can be easily integrated and shared (e.g., across business lines, channels, products, regions of operation); breaking down silos in this manner is particularly important for risk functions, where tighter integration is necessary.

The current solutions provider landscape—rich with cloud-native innovation and value propositions that solve intractable challenges in risk and compliance—means that FIs can select risk management technology from a robust vendor ecosystem, evaluating options from startups and incumbents against in-house options. FIs are recognizing that the major cloud providers are better equipped than the FIs themselves to invest in, manage, and strengthen capabilities such as compliance, data security, privacy, and residency aspects.

Cloud use cases for operational risk management

The digital transformation journeys of FIs will depend on cloud-based models that support multiple functions in operational risk management. Cloud-based solutions are being adopted for use cases including:

  • AML: In AML, cloud favorability is particularly high in watchlist screening, as it supports faster KYC onboarding, transaction screening at scale, and multilingual text analysis. Cloud-based AML deployments offer cost advantages and ease of maintenance for small-and mid-sized FIs; larger FIs are using it for advanced analytics.
  • Anti-fraud: Cloud-based platforms help monitor cross-channel fraud, evaluating fraud risks across channels and devices. Cloud can help integrate functions including unified AML and anti-fraud operations, identity authentication and verification, and insider and enterprise fraud management.
  • Conduct: Conduct solutions to track employee sales practices, government/ corporate relationships, investments, and outside business activities. Cloud deployment supports distributed solutions to maximize engagement and use by employees and stakeholders.
  • GRC: A cloud-based GRC approach unites all operational risk management and compliance elements into a single source of truth, providing an agile, scalable, cost-effective integrated view of the FI’s risk situation. The result: an automated, centralized collection of risk assessments, enterprise-wide, and nearly real-time analyses and visualization capabilities.
  • KYC: Cloud helps centralize and support the sharing of KYC case investigation tasks and results, data and documents. Contemporary cloud-based KYC solutions support scalable advanced analytics and real-time search.
  • Regulatory change management: Managing policies and procedures and keeping them current with changing regulations have historically been clunky due to siloed systems and procedures. Cloud offers the possibility of breaking down the silos and applying automation techniques, such as AI, natural language processing, and robotic process automation, to support automated and contextual policy updates.
  • Trade surveillance: Cloud’s easy scalability and high elasticity help monitor fluctuating volumes of trades. Advanced analytics and AI can help discern complex trading patterns across asset classes, for example, and combine trade and communication surveillance.

The changing landscape of solution providers

As FIs move to embrace cloud technologies for operational risk management, they have a growing number of solutions to help with the migration. Vendors are evolving multiple types of offerings that service different risk-based focus areas. Fintech and regtech providers are launching new, innovative propositions to solve deep-rooted problems in financial services. Solutions from most new entrants have a cloud-first, if not cloud-native, approach. Concurrently, incumbent vendors are differentiating their solutions and offering new deployment options to make those solutions cloud-friendly or even cloud native.

These solution providers must also step up to help with the adoption of their offerings. This includes everything from developing an ecosystem strategy (i.e., where vendors benefit from major platform economies and the marketplaces emerging from cloud developments), support for clients moving their operational risk functions from on-premises to the cloud, and clear information about common pitfalls and success stories. 

Next steps for financial institutions

To embrace the cloud effectively, FIs can move gradually. Migrating operational risk systems is often performed after moving other critical systems to the cloud and as part of broader enterprise-wide initiatives. Some medium-sized companies that may not have organization-wide cloud strategies may still use cloud solutions, such as software-as-a-service (SaaS), for some operational risk functions. FIs, cautious to avoid vendor lock-in as they migrate to the cloud, may also consider multi-cloud strategies to match applications to the most appropriate environment(s).

As FIs strategize about their medium-to-long-term technology choices, cloud is certain to play a significant role. Today, that’s true even for the critical functions of operational risk.

 

Arin Ray is a former analyst with Celent’s risk practice.

 

Read this next

Digital Assets

Sui Spikes in Weekly DEX Volume, Joins Top 10 of All Blockchains

March DEX volume on Sui stands at over $2.88B – up more than 49% from February – with decentralized exchange Cetus and wholesale liquidity layer DeepBook leading.

Digital Assets

Prisma Finance suffers $10 million crypto exploit, attack ongoing

Liquid staking protocol Prisma Finance fell victim to a security exploit on March 28, resulting in nearly $10 million in Prisma mkUSD and wrapped stETH being stolen by hackers.

Digital Assets

Masa and LayerZero: Bridging Blockchains for Data Sovereignty

Masa Network is poised to revolutionize the personal data landscape with its upcoming launch as a cross-chain platform, making it accessible on a variety of blockchains right from the start.

Digital Assets

Big Time Generates over $100M in Revenue since Preseason

Innovative game developer Big Time Studios announces that its highly anticipated free-to-play multiplayer action/MMO RPG Big Time, has generated $100M in revenue. According to the team, players transacted a total volume of over $230M, without selling a single token.

Digital Assets

Centralized exchanges are 10 times more popular than DEXs in Western Europe

Western European traders are found to prefer centralized exchanges over decentralized ones as CEX traffic outpaces DEXs by a factor of ten.

Market News

Stock Market Analysis: Is NVDA Losing Its Leadership?

Since the beginning of the week, the S&P 500 Index (US500) has seen a modest increase of about 0.58%, whereas NVDA’s share price has experienced a decline of approximately 3.8%. This recent divergence raises concerns among Nvidia stock investors — could it signify a loss of NVDA’s market leadership?

Industry News

ESG: Australian regulator wins first greenwashing court case against Vanguard

Vanguard admitted that a notable portion of the securities within both the Index and the Fund did not undergo the promised ESG scrutiny.

Fintech, Uncategorized

BitMEX integrates HALO from Solidus Labs for cross-market surveillance

“The recent approval of the Spot Bitcoin ETF has piqued the market’s interest. As a result of price volatility, the trading volumes for crypto derivatives have gone up substantially. HALO, with its advanced technology and crypto-native detection architecture, will enable BitMEX to smoothly and safely scale trade surveillance across its increased trading volumes and provide the necessary safeguards for new product launches.”

Reviews

IUX Broker Review

IUX, recently rebranded from IUX Markets, stands as a multi-asset Forex broker recognized for its regulatory compliance across various jurisdictions.

<