Opinion: The Growing Case for Cloud in Operational Risk Management

Arin Ray

High regulatory scrutiny and considerations about data security in financial services long meant that risk management wasn’t a traditional fit for cloud migration. That’s changing.

Now, cloud-based models are being adopted across the financial services value chain—even for functions that, until recently, hadn’t been part of the cloud journey, including operational risk management. One marker of this: 82% of respondents in a survey of banks agree or strongly agree that cloud-based deployment is where they’ll be in the coming five years.

Financial institutions (FIs) are demonstrating a growing desire for cloud as a way of being more open, faster, nimbler, and more easily connected with both internal and external ecosystems. The trend toward the cloud for operational risk management is being embraced by banking, insurance, capital markets, and asset and wealth management institutions.

Why now for operational risk management in the cloud?

Historically managed with on-premises solutions, operational risk management in financial services includes risk functions such as anti-fraud; anti-money laundering (AML); cybersecurity; governance, risk, and compliance (GRC); know your customer (KYC); regulatory change management and reporting; suitability and conduct management; and trade surveillance. As cloud providers invest significantly in fortifying data security and privacy over the cloud, and expanding geographic availability, FIs show a growing (but still cautious) willingness to move these functions to the cloud.

The cloud imperative is now clearer than ever for banking and financial services, even though regulated industries such as these have lagged in the past. The pandemic drove some of this acceleration, as digitization trends ramped up, as enterprises moved to unite disparate processes and siloed operations, and as FIs turned to the cloud to support collaboration among remote employees.

Other factors are also at play. FIs now recognize that the cloud can offer benefits for their infrastructure and technology, beyond the cost-optimization considerations that had long been the main focus. These include streamlined, faster deployments; easier maintenance and upgrades; and advanced analytics, artificial intelligence (AI), and machine learning (ML) techniques. As part of a trend seen over the past five years toward a modular architecture for technology stacks, FIs are embracing the building blocks that can be easily integrated and shared (e.g., across business lines, channels, products, regions of operation); breaking down silos in this manner is particularly important for risk functions, where tighter integration is necessary.

The current solutions provider landscape—rich with cloud-native innovation and value propositions that solve intractable challenges in risk and compliance—means that FIs can select risk management technology from a robust vendor ecosystem, evaluating options from startups and incumbents against in-house options. FIs are recognizing that the major cloud providers are better equipped than the FIs themselves to invest in, manage, and strengthen capabilities such as compliance, data security, privacy, and residency aspects.

Cloud use cases for operational risk management

The digital transformation journeys of FIs will depend on cloud-based models that support multiple functions in operational risk management. Cloud-based solutions are being adopted for use cases including:

  • AML: In AML, cloud favorability is particularly high in watchlist screening, as it supports faster KYC onboarding, transaction screening at scale, and multilingual text analysis. Cloud-based AML deployments offer cost advantages and ease of maintenance for small- and mid-sized FIs; larger FIs are using them for advanced analytics.
  • Anti-fraud: Cloud-based platforms help monitor cross-channel fraud, evaluating fraud risks across channels and devices. Cloud can help integrate functions including unified AML and anti-fraud operations, identity authentication and verification, and insider and enterprise fraud management.
  • Conduct: Conduct solutions track employee sales practices, government/corporate relationships, investments, and outside business activities. Cloud deployment supports distributed solutions to maximize engagement and use by employees and stakeholders.
  • GRC: A cloud-based GRC approach unites all operational risk management and compliance elements into a single source of truth, providing an agile, scalable, cost-effective integrated view of the FI’s risk situation. The result: an automated, centralized collection of risk assessments, enterprise-wide, and nearly real-time analyses and visualization capabilities.
  • KYC: Cloud helps centralize and support the sharing of KYC case investigation tasks and results, data and documents. Contemporary cloud-based KYC solutions support scalable advanced analytics and real-time search.
  • Regulatory change management: Managing policies and procedures and keeping them current with changing regulations have historically been clunky due to siloed systems and procedures. Cloud offers the possibility of breaking down the silos and applying automation techniques, such as AI, natural language processing, and robotic process automation, to support automated and contextual policy updates.
  • Trade surveillance: Cloud’s easy scalability and high elasticity help monitor fluctuating volumes of trades. Advanced analytics and AI can help discern complex trading patterns across asset classes, for example, and combine trade and communication surveillance.

The changing landscape of solution providers

As FIs move to embrace cloud technologies for operational risk management, they have a growing number of solutions to help with the migration. Vendors are evolving multiple types of offerings that service different risk-based focus areas. Fintech and regtech providers are launching new, innovative propositions to solve deep-rooted problems in financial services. Solutions from most new entrants have a cloud-first, if not cloud-native, approach. Concurrently, incumbent vendors are differentiating their solutions and offering new deployment options to make those solutions cloud-friendly or even cloud native.

These solution providers must also step up to help with the adoption of their offerings. This includes everything from developing an ecosystem strategy (i.e., where vendors benefit from major platform economies and the marketplaces emerging from cloud developments) to supporting clients as they move their operational risk functions from on-premises to the cloud and providing clear information about common pitfalls and success stories.

Next steps for financial institutions

To embrace the cloud effectively, FIs can move gradually. Migrating operational risk systems is often performed after moving other critical systems to the cloud and as part of broader enterprise-wide initiatives. Some medium-sized companies that may not have organization-wide cloud strategies may still use cloud solutions, such as software-as-a-service (SaaS), for some operational risk functions. FIs, cautious to avoid vendor lock-in as they migrate to the cloud, may also consider multi-cloud strategies to match applications to the most appropriate environment(s).

As FIs strategize about their medium-to-long-term technology choices, cloud is certain to play a significant role. Today, that’s true even for the critical functions of operational risk.


Arin Ray is a former analyst with Celent’s risk practice.

