Author: Máté Hidvégi, Head of Development at ApPello
“We don’t do it, it’s not safe and anyway, the regulator wouldn’t allow it.”
While international and domestic banks are moving towards the cloud in an increasing number of areas, still there remain strongly-held beliefs and, of course, misconceptions about public cloud usage. The fact is, it is well worth asking around and researching the topic because it would be a mistake not only to develop something that still cannot be licensed, but similarly if we didn’t pursue development and missed out in the competition.
Cloud or on-premise?
This is a subject we dissected recently on this blog and perhaps it is worth looking further into this topic.
The Hungarian Banking Association and several leading Hungarian bankers are increasingly vocal in arguing for the development of banking digitalisation and the creation of a flexible environment to ensure that Hungarian banks are not placed at a competitive disadvantage vis-à-vis those countries that are already employing the very latest solutions and giving strong backing to the public cloud. The core argument goes something like this: in as much as western financial institutes are prepared to migrate sensitive customer data and transactions to the cloud, then a Hungarian bank could also give this consideration. Naturally, there can be no question that compliance with regulators, legal, security and contractual guarantees are all essential.
At ApPello, we have found that, after countless of discussions with clients and colleagues, the following aspects always crop up in the debate around cloud v. on-premise:
In the life of banks, security is the number one issue. In this world, many different kinds of personal data and information can be damaging, a summer snap of a computer can be sensitive, not to mention the leaking of health track records, but customers are probably the most sensitive about protecting their financial details. From the aspect of physical protection, this question may come down in favour of the on-premise solution even today, although from the aspects of IT and business, the cloud is well worth considering these days. A major cloud service provider in contact with a large number of clients is forced to prepare for very many more situations, and it has an understanding and experience of many types of risks, even ones that, in a good case, individual banks do not even consider since they have not encountered them.
It is a matter of life or death for major cloud corporations to have a ready response to every imaginable risk or problem, since every successful outside attack damages their basic reputation.
Typically, larger service providers find it easier to hire skilled security specialists because they can provide the right remuneration and motivate the best professionals in the long run. On the other hand, IT staff in banks and IT operators owned by banks have to face many very divergent tasks, they are unable to immerse themselves in a given security issue in detail, and they cannot stay up-to-date.
Global IT is clearly heading in the direction of the cloud
Of course, the cloud is the fashion and spirit of the age, and everyone is pushing it at the moment. The question is whether it is worth sticking with the crowd or going it alone against the current. There are examples of everything:
If in the stock exchange the ‘herd’ sells, then it may be that the person who first buys will, by going against the trend, make a killing. There again, in business it is always worth paying attention to the driving tendency. If video and DVD rental stores are closing down worldwide due to the expansion of streaming, then it is not certain it would be worth investing money in the opening of such a business just to be unique…
In the same way, every industry needs to identify those turning points beyond which business is hampered by an old conditioning, but the cloud already appears to be the clear choice by the middle of the next decade. The spirit of the age in banking and corporate IT is very much pointing in the direction of the cloud although it is still not absolutely unequivocal today whether or not a bank should shift its systems into the cloud. Suppliers are switching to these sorts of solutions but even large western banks are also introducing more and more services into the cloud. Naturally, it is not worth heading towards the cloud purely from being pressured or from the herd mentality, although if things are happening there, then it is certainly worth looking around. The fact is, this is also a relevant management task: given that the introduction of a core system represents a solution for the following more than 10 years, it is worth having in mind today what the likely IT and business environment will look like by 2030. If cloud development has started and this IT trend appears unavoidable, then it is a serious managerial challenge for the company concerned to cross the river not too soon, not too late, but preferably at exactly the right moment, taking into account the given country, sector and regulatory environment. Anyone who wakes up too late may find that at the end they are forced to rush things because after a while the cloud will not have a suitable on-premise alternative.
Anyone who feels that they already have a terrestrial infrastructure that serves their current needs certainly does not want to lose their own capacities, making their significant investments pointless in retrospect. It is not easy in the life of banks either to explain to shareholders why, after a large on-premise development, anyone would want to immediately go to an external service provider. But it would be a mistake to sit back and do nothing. It is worth paying attention and, from an expenditures viewpoint, analysing which is more economical, which is more flexible when establishing certain new services, or when upgrading versions: the on-premise solution or, over time, the cloud. And in this respect, not only the value of the investment but the operation, too, can turn out very differently. The much talked-about scalability is important not only in the sense of handling an expanding client circle or growing staff rollcall, but also that it is able to handle seasonality within the operation cost effectively.
Proportional payment may be beneficial for those banks where there are periods of peak capacity when additional volume is required but it is not worth buying this for an entire year: for example, annual closures, popular campaigns, final repayments, credit moratorium statements or Christmas commercial credit dumping.
Share out some of the profit!
Of course, the big service providers are pushing the cloud so hard because they save costs through joint developments and standardisation. This aspect must be understood but it is not worth disliking; instead, as a customer, we should leverage it to our own benefit, demanding a share of the cost savings thus achieved. We can tell a supplier that “if it’s much better for you, then that’s OK, but if it’s better for me, too, like this, that is when I will also be happy.” This is as much a matter of negotiation as it is not to be at the mercy of suppliers in any way. A pre-nuptial agreement certainly doesn’t sound good but in the case of cloud services, it is absolutely certain that as long as the wedding has not been concluded, thought should also be given to the divorce, the protocols of a possible termination of contract, change of service provider, and the migration of data.
Finally, let’s talk about the limitations! It is a gross oversimplification to say that a regulator always lags behind, for example, it does not support the public cloud for data protection reasons. It is easy to check this out, to ask, because it is far from being the case today.
Or to express this more accurately: it is not like this everywhere. Not one single bank is capable of complying 100% with every regulatory expectation at every moment. On the one hand, this is not in doubt so we must always strive for the fullest possible compliance. However, if during a development the manager in charge can be ‘certain’ of his/her own truth, that he/she is truly working on the right solution both technologically and commercially, which will be followed by the legal environment, then prudent banking behaviour will be realized in the same way as if only the current legal regulations were in view. It is already evident now that in international groups, the introduction of parent bank solutions or the lifting of solutions proven by affiliate banks to group level are both acceptable options. Cloud development of lending, customer identification and risk management areas, or even call centre, internal and external mailing systems is globally feasible and pioneering.
The ApPello Digital Platform product that is fully customizable is also suitable to serve banks flexibly and cost efficiently from the cloud in as much as the already launched cloud development of banks continues.