The cloud journey for market infrastructures
The rise of cloud computing continues, with worldwide spending on public cloud services and infrastructure forecasted to reach $210 billion in 2019. This is an increase of nearly 24% over 2018, according to a survey published in February this year by the International Data Corporation (IDC). The IDC report also forecasts that over the next five years, cloud platforms and ecosystems will lead to an ‘explosion in the scale and pace of digital innovation.’
Financial market infrastructure has been swept into this trend. That said, cloud technology is seeing a more measured take-up rate within market infrastructure when compared to other segments of financial services, due to the need to prioritise risk mitigation and safety above all else. Executing a cloud strategy for financial market infrastructures requires a number of specific steps to ensure an implementation that is both successful and meets the approval of regulators.
First, ahead of undertaking a cloud implementation, a systemically important financial market utility (SIFMU) should explain to customers the benefits of leveraging the cloud, and assure them that a company’s mission will not be compromised in doing so. For example, one of the key considerations for the DTCC board was whether the relevant supervisors would allow the organisation to move certain parts of the infrastructure to the cloud. As a result, DTCC needed to ensure that the relevant regulatory partners understood the objectives and logic behind moving to the cloud and to explain how regulatory obligations will continue to be met. A key message to communicate during those discussions is how the use of the cloud infrastructure can help build a firm’s resilience, emphasising that in most cases the safeguards for ensuring data integrity that cloud vendors can offer are far superior to those which can be provided by individual firms.
Second, as with any cloud computing strategy, a market infrastructure must ensure that it is in line with best practice guidelines as provided by regulators. The regulatory prerequisite for allowing market infrastructures to outsource certain operations to a public cloud provider is that the overall responsibility for the services and data still must reside wholly with the market infrastructure. This includes governance, such as policy definition, management (including contracts, service levels and monitoring), service level agreement reviews and control audits. While cloud vendors and their related software services may have the most sophisticated security capabilities, best practice guidelines from policy makers and regulators state that the controls, configurations and access management should still be overseen by the market infrastructure.
Third, it is important to maintain an ongoing, consistent dialogue between a market infrastructure and its regulators when implementing a cloud strategy, because moving certain processes to a cloud environment touches upon risk management, product development and resilience, particularly for a systemically important business. Maintaining an ongoing daily dialogue between SIFMUs and regulators is the normal course of business, particularly when there are any changes related to risk management or the introduction of new products. This means that dialogue must be open to ensure that any specific issues or concerns raised by regulators can allow changes to be made to cloud implementation road-maps with ease.
Despite these extra steps required for implementation, there are numerous potential benefits of moving certain processes and data to the public cloud. As is widely cited, many cloud providers have reached levels of robustness and sophistication in regard to performance, security, cost and scale that far surpass what many large corporates are able to provide. For truly enterprise-grade cloud providers, their massive data-centre capacity, and the distributed nature of it, offer both a theoretically (and in some cases practically) superior infrastructure platform. Meanwhile, the capital markets industry and its supervisors have intensified their focus on resilience and ensuring the continuity of service. This has driven market infrastructures to further evaluate opportunities to expand the use of the cloud more broadly across external services and applications where most appropriate.
In addition to those widely acknowledged benefits of the cloud, we at DTCC are seeing other potential advantages. Cloud technology provides the ability to test new ideas and to assess their viability with great efficiency and speed. Examples include testing a big data warehouse model, undertaking performance benchmarks or trying out new data-analytic tools. These projects all
involve a full cycle of defining the project and objectives, provisioning environment, and testing. In the cloud, completion of the project objectives can be accomplished within weeks or months. Cloud adoption also enables market infrastructures to bring an application with a public access requirement to market, or replace on-premise data storage, which creates unlimited scale. Other data-related benefits of the cloud include improved performance and cost reductions related to data archiving, and the capability to move non-core, corporate-functions applications out of a corporate data centre, which decreases exposure to cyber-threats and reduces internal IT investment in infrastructure.
Market infrastructures must follow a strict process when devising a successful cloud computing strategy, to ensure that the plan receives the vital support of stakeholders: customers, shareholders and regulators. When time and effort is invested in client dialogue and consultation, best practice implementation, and collaboration with regulators, the process of adopting a cloud computing strategy can not only mitigate risk but can bolster the resilience of financial market infrastructures and in doing so, contribute to the overall strengthening of the global financial system.
Mark Wetjen, former CFTC Commissioner and now, head of global public policy at DTCC and chairman at DTCC Deriv/SERV.