As they migrate to cloud-based data systems, banks could reach another level of abstraction from most of us. Money has already become less tangible, as cash and bank branches gradually disappear. Computers and the internet have speeded up capital flows, bringing greater volatility in markets and making it harder to keep track of money laundering. Regulators are already struggling to keep up.
But the benefits of the cloud are irresistible. Some big banks are moving important chunks of their business onto internet-based data systems developed in-house – so-called private clouds. As some of these projects have led to big cost savings, more are following. Most recently, and potentially most radically, bank chiefs are also paying more attention to the potential of the so-called public cloud that the likes of Amazon, Google and Microsoft are developing.
Singapore’s DBS is one of the first to make a wholesale move to the cloud. Firms following a similar path include Spain’s Bankinter, plus neo-banks such as Holvi and UK challengers Starling, Monzo and OakNorth. Like DBS, they are using Amazon Web Services, by far the biggest public cloud provider.
Big banks in Europe and the US are at a disadvantage, as their generally bigger, older and more entangled IT systems are harder to migrate. These banks have not written their IT applications to take advantage of the cloud, so they will find fewer benefits and a higher cost of using the technology, at least in the short term.
Even so, according to McKinsey, the industry as a whole has become much more comfortable with the security and resilience of the public cloud over the last year or two. The hope is that it will offer far greater economies of scale and better functionality than private clouds. Banks’ software developers are crying out for access, even at the biggest firms.
As Bank of England adviser Huw van Steenis told Euromoney recently, using the public cloud may not be that much cheaper, but it will probably make it easier to upgrade and launch new products quickly.
DBS chief executive Piyush Gupta says that the bank’s speed to bring new products to market has increased by eight times thanks to using cloud technology.
The public cloud will also make it easier for banks to partner with fintech firms and other product providers, according to van Steenis. Fearing the loss of direct customer relationships to new rival platforms, incumbent banks increasingly see a need to do more than just broker their own products. This requires tools such as budgeting or price comparisons for insurance and energy suppliers, taking advantage of banks’ data.
According to one Accenture survey, most bank chief executives think their data is trapped in legacy systems. Overall, there is a sense that if banks want to be agile and open, they would do well to outsource their data management to the public cloud.
The problem is that the technology is changing so rapidly. A bank could go to great expense and risk in developing its use of a certain technology, only for that technology to be superseded shortly afterwards. Some will have fallen foul of this danger in private cloud investments only a couple of years ago.
That doesn’t mean that banks can ignore it. If they develop private clouds, they can do so in such a way that their applications can more easily transition to the public cloud later. But again, concerns around safety and systemic risk remain a big barrier.
Using the cloud may not be riskier in the end. It is possible to keep customer-specific data on a private cloud, while moving things like risk analysis and branch usage statistics to the public cloud. The big hazard may be the transition. Regulators will fear a repetition of the meltdown last year when the UK’s TSB shifted customers onto its own IT systems from that of former parent Lloyds Banking Group. Millions were blocked from their accounts, shown incorrect balances and received data from other people’s accounts.
Beyond this, supervisors such as the European Banking Authority and the Bank of England fear that the highly concentrated nature of the public cloud could increase systemic risk. In April, the EBA and other EU supervisors advocated a new EU legal framework for direct oversight of the big providers, rather than just relying on banks to do due diligence. Van Steenis’ report to governor Mark Carney in May suggested there could be a “certified cloud” of closely regulated providers.
What’s certainly true, as the Bank of England acknowledges, is that supervisors need to make sure they properly understand and assess these risks. Euromoney hears an anecdote about one US bank spending millions on a cloud strategy, and after a 90-page presentation to the relevant regulator, being asked the definition of a petabyte (two steps up from a gigabyte). Such a simplistic question, in the source’s view, showed that the official had not remotely understood the issue at hand.
Supervisors are right to be wary before they properly understand the risks. And banks, too, need to make their assessments. One big bank in the US, Euromoney understands, recently hired about 50 cloud security engineers from firms such as Amazon and Microsoft, to help understand how it could use the public cloud. Meanwhile, in Europe, distractions like Brexit will make it even harder to focus on exploiting the potential of this technology.