Every Cloud has a Regulatory Lining

Traders Magazine Online News, December 8, 2017

Andreas Gustafsson and Jimmy Kvarnström

In order to keep up with the regulatory framework, in a time of technology paradigm shift, regulated entities are moving away from traditional compliance methods to consider newer, more innovative technology also to assist in managing compliance requirements. This applies especially in relation to data storage.

Cloud services allow regulated entities to swap fixed capital expenses for variable expenses that are tied to additional revenue. The “on-demand” structure encourages new development – be that new services or meeting regulatory requests – as the running costs are directly proportional to the usage.

Current models require firms to anticipate demand and dimension their environment accordingly, covering the range from hardware and operating systems to staffing for operation and maintenance. One area that has seen a significant increase in adoption by financial institutions in recent years is cloud-based services. However, regulators have remained concerned, particularly with regard to data security.

Cloud Services

The UK’s Information Commissioner’s Office defines a cloud service as providing “access to computing resources, on demand, via a network”. These services are typically the product of a large pool of IT resources provided to numerous users via the Internet. The cost and quality implications of the resulting economies of scale have resulted in cloud services being a viable, and often beneficial, IT option for sophisticated corporates and financial services institutions.

The cloud services market is generally comprised of three broad categories:

• Software as a Service (SaaS) – This is the provision of services such as email, office applications and customer relationship management systems, via the Internet.
• Platform as a Service (PaaS) – This is the delivery of an IT environment via the Internet, which can be used to run applications.
• Infrastructure as a Service (IaaS) – This is the provision of IT resources such as storage or processing. Usually this is in the form of a virtualised environment, which gives users access to part of a pool of computer services.

Alongside the benefits of the cloud come particular risks, which differ from those associated with traditional outsourcing arrangements. These risks primarily affect the degree of control over the service enjoyed by the user. As a result, proposals for cloud services need to be analysed to ascertain their compliance with outsourcing and data security rules issued by financial services regulators as well as data protection requirements. 

Increased Regulation

For more information on related topics, visit the following channels:

• Technology
• Insights/Viewpoints
• Regulations