Cloud adoption accelerates among banks with unique strategies
The financial services industry is undergoing a massive shift to cloud, but the challenging technology transition for incumbents requires a strategic rethink of architecture, data, people and processes.
- Competition posed by challenger banks accelerates the drive for cloud adoption
- Multi-cloud and hybrid approach to address IT risk
- Skill gap remains a challenge
The winds of change across the financial services industry have become more pronounced. New cloud native technology players and digital banks have entered the market and scaled with speed. Customers demand more digital, real time and intelligent service from their banks. The future success of banks rests on their ability to innovate services with agility, scale with speed and lower their operating costs. Banks feel the urgent need to become data-driven, but the scalability of emerging technologies such as artificial intelligence (AI) is dependent on the foundation of cloud-based infrastructure. These have pushed banks to strategically evaluate the technology they need to move forward, a move further accelerated during the pandemic.
For incumbents that have spent millions and billions in on-premises technology and skills, the migration to cloud-based infrastructure is not an easy decision or a painless transition. There is ‘no one size fits all’ cloud strategy, yet it is not a matter of ‘if’ but how quickly banks can undertake this transition.
What is driving the adoption of cloud in banks
The growing competition from new entrants such as challenger banks and fintechs has changed what customers expect from banks. Incumbent banks need to stay disruptive and relevant for their customers. The ability to utilise data effectively to differentiate and personalise services has become critical and has pushed banks to modernise their core technology foundation towards scalable cloud-based infrastructure. The urgent need for remote operations and exponential growth in digital transactions during the pandemic further accelerated this.
“We're seeing a few key themes in financial services in Southeast Asia. There is definitely an acceleration in the midst of the pandemic and increasingly, customers are migrating core financial services workloads to the cloud. Organisations are moving data centres, making large multi-year commitments. They are embracing the cloud to harness the untapped power of their data, turning data into insights,” shared Conor McNamara, managing director of Amazon Web Services in ASEAN.
“Innovation in technology is a ‘must have’ rather than ‘nice to have’,” stressed Connie Leung, senior director, financial services business lead – Asia, Microsoft. Banks need to think about cloud adoption holistically and how they become more tech-savvy and data-driven by following a technology roadmap. “The dimension of cloud is really from the customer experience to operations, to the back office and it's really about being a data-driven organisation. That's the ultimate goal,” she added.
Cloud adoption has increased across industries in the last three years, as is visible from the growth in cloud sales of the leading cloud service providers.
“You're only as fast as your infrastructure,” said Henry Aguda, chief technology and operations officer and chief transformation officer at UnionBank of the Philippines. This Philippine bank ran entirely on on-premise infrastructure until five years ago but is now adopting a cloud-first policy, including shifting its core banking to the cloud.
This shift helped the bank manage its ‘work from home’ infrastructure and allowed its employees to connect their current broadband services from home directly to the cloud. “I can’t talk enough about how resilient the cloud infrastructure is. When it comes to speed, being able to be agile, as well as being able to scale at will, and our cloud helped us a lot,” Aguda added.
The pandemic led to a spurt in the growth of digital transactions and in the need for digital-first services, digital processes and remote customer onboarding. As banks seek to offer intelligent customer-centric services, cloud enables them to integrate and analyse vast volumes of real-time data with speed using AI and machine learning. The regulations and compliance requirements of banks have also evolved rapidly, requiring the ability to churn and analyse data quickly.
“Cloud is relevant for scalability, elasticity, as well as capability, especially in the realm of AI, machine learning, and real time, data processing and insights delivery. At the same time, cloud also offers efficiency, right in terms of costs, and processing capacity,” opined Johnson Poh, executive director, head, group enterprise artificial intelligence, UOB.
This has become even more important as digital transactions scale. Jens Lottner, CEO of Techcombank, shared that more than 90% of their customers are digitally active and roughly 34% of customers use only digital channels. “The bank therefore needs to be digital and cloud first. Cloud for us is actually not really an option or a choice, but it really is a must, and we need to do.”
He pointed out that the bank’s retail banking transaction growth is exponential. “Just imagine what we needed to do to bring in, the amount of servers, what we needed to configure and buy in order to deal with that increase 70 times over the last five years, and the peak capacity five times of what is normal. And that has just led us to come to the conclusion that as this growth continues, this physical world just doesn't work for us. Because we cannot be as quick as we need to buy these physical servers.”
“We are trying to get to a situation where our capacity can be flexed up instantly and be much more reliable than what we have seen in the past,” he added.
Cloud provides the flexibility to increase or decrease computing capacity and pay for use, which enables cost efficiencies and reduces upfront capital expenditure. Price reductions in cloud are further driving the economics in its favour.
Banks are pushed to re-evaluate their monolithic core architecture, as cloud native fintechs and digital banks carry no legacy baggage, innovate faster, and are cost efficient with quicker time to market.
“The more powerful thing is the cloud native architecture. The crux of it is cloud native design principles, both around IT application, as well as around the data stack, which lead to agility and real time. How organisations must respond to marketplace changes really fast,” opined Balaji Narayanamurthy, president and head of business intelligence unit, Axis Bank.
“It is not only a smooth journey but it's also an intelligent journey and a personalised journey and that happens through data. But this can happen only if you are following cloud native design principles and if you are on cloud,” he added.
Cloud migration strategies and key considerations
Banks that have invested millions in legacy technology struggle with this massive transition. The cost and effort of migrating workloads to the cloud remain a major concern for traditional banks. It is often a challenging multi-year transformation that requires holistic and strategic change management.
“The key challenge is that it has to be a top-down agenda, a CEO agenda and it has to be committed. The mindset change and driving the cultural change is the biggest challenge and also the opportunity that we're seeing. Fundamentally the best practice is about four things - the people, the culture, the skills, and then the technology infrastructure,” Leung pointed out.
The transition is not just about technology; it also entails changes in data framework, governance and processes. Banks need to consider the regulatory requirements, data security, and IT outsourcing and concentration risks while devising their strategy.
Technology transformation challenges and strategies
“The biggest challenge is the migration of an existing system to the cloud. If you're an operating bank like ours where we have a lot of legacy infrastructure and database, then it is like changing your wheels while driving 90 miles per hour,” commented Aguda.
A simple migration to cloud may not be enough; it should be leveraged with an API-connected microservices architecture and the right data framework. Many traditional banks are undertaking a phased migration approach, while new digital banks are simply born on cloud.
“They are taking a progressive modernisation approach, a component by component or module by module movement to cloud. Can they convert it to be a microservices-based architecture or can APIs be built around it? All these experimentations are happening. Then we have a completely different breed of banks, which are digitally native challenger banks that utilise cloud from day one,” commented Rajashekara Maiya, VP, global head-business consulting, Infosys Finacle.
Talking about the transition strategy, Leung opined, “Most of our customers are really living in a huge legacy, like a mainframe environment. The first thing I will suggest is that anything that you do new, you should take it on the new platform, using agile technology and launch quickly. That’s what the cloud and the AI allow you to do. Also evolve the culture into a learn fast, fail fast”.
“Look at existing infrastructure. Some of the new applications that you want to deploy, build or you want to replace need to be a cloud native. Then you must look at some of them that you can lift and shift. And then a majority of that has to be retired and lot of legacy process have to retire,” she suggested.
Microsoft is supporting Standard Chartered in Singapore in its transition towards becoming a cloud-first bank, with its new applications, data and AI put on the cloud. Among other leaders in the industry, JP Morgan is moving to a cloud-based core banking system from Thought Machine for its retail operations. HSBC entered into a deal for Amazon Web Services technology, starting with customer-facing applications and application modernisation in its Global Wealth and Personal Banking business. Meanwhile, Google announced partnerships with Goldman Sachs and Deutsche Bank as they expand their cloud capabilities.
In 2019, Philippine bank Cantilan Bank became regulated by the central bank to fully rely on a cloud-based software as a service (SaaS) system for core banking. This followed a pilot in 2017 by Cantilan Bank and Asian Development Bank on cloud-based core banking technology, supported by the Bangko Sentral ng Pilipinas (BSP) through a regulatory sandbox. It proved to be a lengthy and complex integration process that served as a test case for other banks. After the success of this project, by 2021 over 40 other regulated institutions in the Philippines had reportedly received approval to shift to cloud-based systems.
Johnson Poh opined that an incumbent bank with existing technology will find it tough to go for a big bang approach. It would be more meaningful to take a progressive approach and mindset change, such as leveraging a cloud-first strategy for onboarding new projects. This can help manage the risks and at the same time not stifle progress.
The entry point that banks choose to migrate workloads is not always the same. McNamara pointed out that, “There are many different ways of dipping your toe in the water, whether that's like backup and archive, a digital front end or migrating one low risk workload at the edge, or building something new in a subsidiary business”.
Most banks carve unique paths for their respective transitions. Some banks have focused on the applications but are yet to shift their data stacks. A few take the opportunity to implement newer applications and systems on the cloud, while others are more aggressive and plan to shift all their critical applications to the cloud.
Techcombank, for instance, decided to move the majority of its applications, including its core banking system, to the cloud and has partnered with AWS as part of its recently announced $500 million investment. It has started with non-critical applications and plans to move the majority of critical applications to the cloud within the next three years.
UnionBank is moving towards a cloud-first policy, starting with data centre and computing applications. “The promise of our technology team is that in two years we will have cloud only infrastructure. We are now trying to move the core banking to cloud,” explained Aguda.
“We did a hybrid approach, we spun off a separate instance of our core into the cloud on a latest release, so that we could service our newer initiatives. So in effect, we created a bank within the bank, that was on the cloud,” shared John Howard Medina of Philippine Bank of Communications.
The hybrid model that entails new systems on cloud, whether private or public, and old legacy systems on-prem, has its own challenges including integration, compliance, data protection and ensuring resiliency.
Multi-cloud and hybrid approach to address IT risk
IT concentration risks and vendor lock-in are key considerations for banks in their technology risk assessment. Concentration risks also arise as most banks flock to the few leading cloud service providers (CSPs) such as AWS, Google and Microsoft, as these have been investing in security, maintenance and expanding centres across the world.
The increasing reliance on a small number of CSPs and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide according to the Bank of England. It said that cloud hyperscalers like Amazon’s AWS and Google Cloud may have to comply with minimum resilience standards and testing in the future. Banks also need to keep regulators informed of their outsourcing arrangements and seek approval.
The Monetary Authority of Singapore (MAS) prescribed that to mitigate concentration risks, FIs may consider implementing vendor diversity measures such as implementing a multi-cloud strategy. However, FIs should be cognisant of the added complexity of operating in a multi-cloud environment, such as having adequate resources and appropriate expertise in securing and managing the use of different public cloud services and ensuring the consistent enforcement of policies.
Cloud services are becoming too big to fail, as any disruption in their services impacts millions of users. For instance, in December 2021 an outage at AWS in the USA impacted millions of users and access to a wide range of services, including shows on Netflix and Disney+, web services of airlines such as Delta and Southwest, and payments businesses such as Venmo. In March 2021, Microsoft Azure was hit with an outage that impacted Office 365, Teams and Xbox Live services for a few hours. Regulators are increasing their oversight and resilience assessment of these players.
Different vendors have different capabilities. To have redundancy and to reduce dependence on a single cloud service provider, some banks prefer to opt for a multi-cloud strategy, using services and resources from more than one cloud service provider. But it needs to be accompanied by the right cloud architecture to maximise interoperability and integration.
“We are getting into a zone which is multi-cloud because there are a few applications which are very specific to a certain cloud stack. And ensuring that all of them are locally placed. In India, it's not allowed to have servers even for cloud outside India. The core dimension therefore is much more complex when you have multi-cloud and you have on-prem, so you are talking about true hybrid”, said Devendra Sharnagat, senior executive vice president, data analytics and customer value management, Kotak Mahindra Bank.
Among banks, JPMorgan Chase is executing a four-cloud approach, working with Amazon, Google and Microsoft in addition to running a private cloud. Alex Bank shared that it is using Microsoft cloud but also has AWS and Google cloud for redundancy or back-up. WeLab Bank and Tonik have also adopted a multi-cloud strategy.
Leung, however, advises against a multi-cloud strategy. “Multi-cloud is a myth that we have to derisk. When you think about digital transformation there are four things that you have to deal with people, culture, skills, and infrastructure. Now, when you think about multi-cloud, you're talking about multiplying that into two, or three and to be honest, that's not a best practice. We have seen customers who are doing a primary cloud and then is the secondary cloud.” She added, “Because you have a centre of excellence, your centre itself needs to be one and not three”.
Costs increase in multi-cloud due to storage, integration and customisation. Banks decide their strategy based on risk considerations and priorities, but it will need a clear road map and an architecture and data framework to secure and leverage heterogeneous platforms.
Data residency regulations and risk management
MAS prescribed that while cloud service providers are responsible for “security-of-the-cloud”, FIs would be responsible for “security-in-the-cloud”.
Banks in the past were hesitant to shift to cloud because of security concerns. Meanwhile cloud service providers have been investing heavily in boosting the security of cloud, automation and insights. There is now a growing acknowledgement that banks can run more securely in the public cloud, but end users remain responsible for the security of their applications and data.
Globally, regulators are at different levels of maturity in cloud acceptance and openness. For instance, regulators in India require cloud service providers to have local data residency. Meanwhile, in Indonesia, the vendors have regulatory approval to host data overseas in Singapore. In the Philippines, BSP has been driving adoption of technology in the financial sector, especially to promote financial inclusion. In 2013 it opened up cloud-based technology solutions for the financial sector, and in 2015 it adopted the National Strategy for Financial Inclusion, which promoted the use of technology.
The onus is often on banks to prepare for the industry-led technology developments and seek approval from the regulator. Leung opined that banks need to understand the current state of the regulations. “There are certain things you can do on the cloud and certain things you have to put on-prem and irrespective of regulations. There are very sensitive data that our customers still want to put on-prem. We have a hybrid cloud as part of our cloud strategy. A combination of things that you can put on-prem and things that you will use on the cloud to leverage the guidelines,” she explained.
Major cloud service providers have increased their global physical presence to resolve these obligations to host data within the countries. Microsoft currently operates more than 200 data centers globally, arranged into regions. It announced four new ones in Asia, including Indonesia, New Zealand, Malaysia, and Taiwan.
AWS has 81 availability zones across 25 geographic regions. It plans to launch 24 more availability zones and eight more regions. McNamara shared that AWS Outposts enables applications that need to run on premises or to meet local data storage needs. AWS has a region in Singapore and plans to launch in Indonesia soon. “We're committed to Southeast Asia as a growing geography for us. We launched Amazon Connect, which is our call centre, the cloud offering in Thailand with local language. We're constantly investing in localising our various AI and machine learning services for the various local ASEAN languages,” he added.
The common denominator is security and compliance, and how banks convince the regulator of their privacy, security controls, encryption, data and transparency. Even when data is allowed to leave the country and be stored overseas, banks need to ensure data security, tokenisation and masking, especially for personally identifiable information.
The transition needs to be accompanied by the right data governance framework, controls and security management to address potential implications and prepare for contingencies. Many banks start with non-critical applications and data and learn from the underlying process before they proceed to the entire data framework.
“Putting more governance around data management has become a bigger focus. There is a lot of focus now from an architecture standpoint on cloud native principles to data management. This is the theme of what we call as our ‘data stack 3.0’ in terms of how we think about the architecture,” explained Narayanamurthy.
Skill gap remains a challenge
Banks have operated on-premise and legacy infrastructure for a long time. This rapid shift to cloud technology leads to significant skill and technology expertise gaps. In today’s hybrid environment, banks need expertise for both on-premise and cloud systems, as well as the ability to work with a managed-services provider. Investing in people and skills can enable a sustainable competitive differentiator.
“What is very clear is that for the aspiration we are pursuing the market in Vietnam just doesn't have enough experienced practitioners yet. One of the key joint efforts (with AWS) we are undertaking is to create that capability where we really build practitioners and upscale our entire workforce,” shared Lottner.
This will also require a huge skilling and training exercise for the bank. Techcombank for instance plans to upskill 2000 of its employees. “We also want to upskill our business people so that ultimately it's not about just moving a certain technology on a different infrastructure but it's about what can we do with that afterwards and how would we actually leverage that,” commented Lottner.
Migrating workloads to the cloud is not an end in itself; it brings your core to the cloud. “If you combine that with building new digital capabilities in the cloud, then you have this kind of tight centre of gravity of an IT footprint, then you wrap that around with the right people and the capabilities,” commented McNamara.
Going forward, the pace of cloud adoption is expected to increase as banks strive to become data-driven and need more scale, and as ecosystem collaboration grows and partnerships strengthen. The technology transition and the change management, though not easy, are essential for success in the evolving competitive environment. Banks will need to craft their own strategic approach according to their priorities, considerations, technology roadmap, risks and regulations.
Keywords: Financial Services, Risk, Digitalisation, Tokenisation
Institution: Amazon Web Services, Microsoft, UnionBank, United Overseas Bank, Techcombank, Axis Bank, Infosys Finacle, Philippine Bank of Communications, Kotak Mahindra Bank, Cantilan Bank, Bangko Sentral ng Pilipinas, Monetary Authority of Singapore
Guest: Conor McNamara, Connie Leung, Henry Aguda, Johnson Poh, Jens Lottner, Balaji Narayanamurthy, Rajashekara Maiya, John Howard Medina, Devendra Sharnagat