The growing case for the cloud in operational risk management –


High regulatory scrutiny and data security considerations in financial services have long meant that risk management has not traditionally been suited to migration to the cloud. It changes.

By Arin Ray

Today, cloud-based models are being adopted across the financial services value chain, even for functions that until recently were not part of the cloud journey, including operational risk management. A marker of this: 82% of respondents in a survey of banks agree or strongly agree that cloud-based deployment is where they will be in the next five years.

Financial institutions (FIs) are showing a growing desire for the cloud as a way to be more open, faster, more agile, and more easily connected to internal and external ecosystems. The trend towards the cloud for operational risk management is being embraced by banking, insurance, capital markets, and asset and wealth management institutions.

Why now for operational risk management in the cloud?

Historically managed with on-premises solutions, operational risk management in financial services includes risk functions, such as anti-fraud, anti-money laundering (AML); cyber security; governance, risk and compliance (GRC); know your customer (KYC); regulatory change management and reporting; fitness and conduct management; and trade monitoring. As cloud providers invest significantly in hardening cloud data security and privacy and expanding geographic availability, FIs are showing a growing (but still cautious) willingness to move these functions to the cloud.

The cloud imperative is now clearer than ever for banking and financial services, even though regulated industries like these have lagged in the past. The pandemic has driven some of this acceleration, as digitalization trends have intensified, companies have moved to unite disparate processes and siled operations, and FIs have turned to the cloud to support collaboration. between remote employees.

Other factors are also at play. FIs now recognize that the cloud can deliver benefits for their infrastructure and technology, beyond the cost optimization considerations that have long been the primary focus. These include streamlined and faster deployments; easier maintenance and upgrades; and advanced analytics, artificial intelligence (AI) and machine learning (ML) techniques. As part of a trend over the past five years toward a modular architecture for technology stacks, FIs are embracing building blocks that can be easily integrated and shared (e.g., across lines of business, channels , products, operating regions); This breaking down of silos is particularly important for risk functions, where tighter integration is needed.

Today’s solution provider landscape, rich in cloud-native innovations and value propositions that solve intractable risk and compliance problems, means that FIs can select risk management technology from an ecosystem of robust suppliers, evaluating the options of startups and incumbents against internal options. FIs recognize that leading cloud providers are better equipped than the FIs themselves to invest in, manage and build capabilities such as compliance, data security, privacy and residency aspects.

Cloud use cases for operational risk management

FI digital transformation journeys will depend on cloud-based models that support multiple functions in operational risk management. Cloud-based solutions are adopted for use cases such as:

  • AML: In AML, cloud favor is especially high in watchlist screening, as it supports faster KYC onboarding, large-scale transaction screening, and multilingual text analytics. Cloud-based AML deployments offer cost advantages and ease of maintenance for small and medium-sized FIs; larger FIs use it for advanced analytics.
  • Anti-fraud: Cloud-based platforms help monitor cross-channel fraud, assessing fraud risk across all channels and devices. The cloud can help integrate functions such as unified AML and anti-fraud operations, identity authentication and verification, and management of insider and corporate fraud.
  • Conduct: Provide solutions for tracking employee sales practices, government-corporate relations, investments, and outside business activities. Cloud deployment supports distributed solutions to maximize employee and stakeholder engagement and usage.
  • MAF: A cloud-based GRC approach unites all elements of operational risk management and compliance into a single source of truth, providing an agile, scalable, and cost-effective integrated view of the FI’s risk posture. The result: an automated, centralized collection of risk assessments, enterprise-wide, near real-time analytics and visualization capabilities.
  • KYC: The cloud helps centralize and support the sharing of tasks and results, data and documents of KYC case investigations. Contemporary cloud-based KYC solutions support scalable advanced analytics and real-time search.
  • Regulatory change management: Managing policies and procedures and updating them with changing regulations has always been complicated due to siled systems and procedures. The cloud provides the opportunity to break down silos and apply automation techniques, such as AI, natural language processing, and robotic process automation, to support automated, in-context updates to policies.
  • Commercial Eve : The easy scalability and high elasticity of the cloud helps monitor fluctuating transaction volumes. Advanced analytics and AI can help discern complex trading patterns across asset classes, for example, and combine trading and communications monitoring.

The Changing Landscape of Solution Providers

As financial institutions embrace cloud technologies for operational risk management, they have an increasing number of solutions to facilitate migration. Sellers are evolving several types of offers that serve different risk-based intervention areas. Fintech and regtech vendors are launching innovative new proposals to solve deep-rooted problems in financial services. Most new entrants’ solutions take a cloud-first or even native approach. At the same time, incumbents are differentiating their solutions and offering new deployment options to make these solutions cloud-enabled or even cloud-native.

These solution providers also need to step in to help drive adoption of their offerings. This includes everything from developing an ecosystem strategy (i.e., where vendors benefit from major platform economies and markets emerging from cloud developments), to assisting customers transferring their on-premises operational risk functions to the cloud, and clear insights into common pitfalls and success stories.

Next steps for financial institutions

To effectively adopt the cloud, FIs can scale incrementally. Migration of operational risk systems is often done after moving other critical systems to the cloud and as part of larger enterprise-wide initiatives. Some midsize businesses that may not have organization-wide cloud strategies may still use cloud solutions, such as software as a service (SaaS), for certain operational risk functions. FIs, keen to avoid vendor lock-in when migrating to the cloud, can also consider multi-cloud strategies to match applications to the environment(s) most appropriate.

As FIs strategize on their mid to long-term technology choices, the cloud will certainly play an important role. Today, this is true even for critical operational risk functions.

Arin Ray is a former analyst of Celentthe practice of risk.


About Author

Comments are closed.