A small group of large US tech firms are increasingly targeting the financial services market, with concerns being raised over the operational resilience risks associated with such concentration among so few third-party providers.

Financial sector cloud use increased by 43 per cent between 2017 and 2019, according to a recent 4sl survey of 200 senior IT decision-makers in UK organisations with 1,000 employees or more. Meanwhile, research from the IBM Institute for Business Value found that in 2019, the global banking sector’s spending on cloud services approached $100 billion, with cloud-enabled workloads of top-tier banks expected to double annually.

Sankar Krishnan, executive vice president for banking and capital markets at Capgemini, told FStech at the end of last year: “We are seeing significant growth across both cloud consulting and cloud implementation – the larger global banks are following a multi-cloud strategy and the medium-sized banks are choosing a single or dual provider.”

The market for providing cloud services is dominated by five tech giants: Amazon Web Services (AWS), Microsoft Azure, Google Cloud, IBM and Oracle – with AWS, Google and Azure accounting for more than half of the cross-sector cloud computing market worldwide.

In the Bank of England governor Mark Carney’s most recent Mansion House speech he noted the fact that a quarter of major banks’ activities and almost a third of all UK payments activity are already hosted on the cloud, praising the cost savings potential to improve the resilience of the overall financial system.

However, he also cautioned that attention will have to be given to risks, including those associated in the single point of failure and market concentration, adding: “Two providers [AWS and Azure] account for nearly half of revenues in cloud computing, bringing scale and efficiency, but also concerns about dependence and a single point of failure in the case of a cyber attack.”

The Treasury Select Committee’s autumn report into financial services IT failures also focused on third party provider risk, pointing to a particular problem within cloud services.

“Where common providers are systemic, the Financial Policy Committee should consider recommending regulation to HM Treasury,” it warned. “The consequences of a major operational incident at a large cloud service provider, such as Microsoft, Google or Amazon, could be significant – there is, therefore, a considerable case for the regulation of these cloud service providers to ensure high standards of operational resilience.”

In October, French and German finance ministers launched plans to establish an EU-wide data infrastructure to challenge the dominance of US BigTechs over the cloud market. European lawmakers were responding to concerns that data storage services provided by a limited number of US-based firms could be affected by the recent adoption of the US CLOUD Act of 2018, raising fears of privacy issues for huge amounts of sensitive corporate data.

As one financial services IT decision-maker told FStech, the growing regulatory concern around cloud provider concentration risk is akin to the risk of the National Grid going down. “The FCA is worried

about most of UK financial services using AWS and hosting in Dublin for instance – we’ve seen one high street bank go down, but never 20 at once.”

Through a combination of existing coverage and new comment, FStech has assessed the big four cloud competitors and their approach to concentration risk.

Amazon

AWS dominates cloud hosting across a number of industries and its penetration of the financial services sector has already seen Allianz, Barclays, Goldman Sachs, HSBC and Standard Bank get on board.

An AWS spokesperson told FStech that one of the major trends has been for firms to build AI and machine learning technology in the cloud. “For example, Emirates NBD is using AWS to build a personalised retail banking experience, leveraging Amazon Personalize, a service that enables the development of individualised recommendations,” they stated.

Commenting on why financial services organisations choose AWS, the spokesperson attributed the company’s success in the sector to three things: being customer focused; pioneering technology and being long-term oriented.

“Most of the big technology companies are competitor-focused – they look at what the competitors are doing, and they try to one-up them. That can be a very successful strategy, it's just not ours.”

They continued: “Most large technology companies have lost their will and DNA to invent - they acquire most of their innovation - and again, it’s a strategy that can work, it’s just not ours.

“In a space that's moving as fast as the cloud is, to be partnered with the company that has the most functionality, that's iterating the quickest, has the largest community, had the vision for cloud from the start without having to patch together acquisitions; that's very attractive.”

On the long-term point, AWS cited its Trusted Advisor support function, which assesses utilisation of its cloud resources and prompts customers to spend less if their usage is low.

“When we first started doing this, people thought it was a gimmick, but if you understand our culture, it makes perfect sense, because we don't want to make money from customers unless they're getting value – we're trying to build a business that outlasts all of us, and you do that by doing right by customers over a long period of time.”

Addressing the concentration risk point, AWS pointed to the Financial Stability Board’s December 2019 report, which stated that cloud adoption does not currently present a financial stability risk, and cloud providers offer solutions to improve security, operational resilience and portability for financial institutions. “AWS’ existing remedies for concerns about concentration risk focus primarily on engineering and architectural best practices that allow customers to implement robust and resilient solutions that can far exceed current on-premise capabilities.

“What we're finding is that as our customers move to the cloud, our services are able to aid in reducing their geographic concentration risk and improve their overall business continuity planning activities,” the spokesperson added.

IBM

IBM has been racking up the financial services partnerships in recent years, building upon a long history of collaboration with the sector’s IT estate.

In the wake of the well-publicised mistakes during an IT system re-platforming, TSB parent group Banco Sabadell signed a $1 billion deal with IBM to lead an upgrade of its IT systems over the next decade. Specifically, it plans to use IBM’s cloud capabilities to accelerate digital transformation and develop a modern technology platform that integrates all its data and applications to meet growing consumer demand for app-based banking services.

On the other side of the Atlantic, IBM teamed up with Bank of America in November to design a financial services-ready public cloud, which would also be available to financial services institutions and their suppliers.

At the start of last year, IBM has posted its first annual revenue growth since 2011, with much of the gains coming from its growing cloud division. The company has secured $16 billion dollars of signings in the fourth quarter, up 21 per cent. “We had 16 deals greater than $100 million which talks to the value of our hybrid cloud, multi-cloud value proposition,” said chief financial officer Jim Kavanaugh.

As part of the same announcement, IBM announced the extension of a cloud hosting partnership with BNP Paribas for eight years, integrating the IBM Cloud hosting with dedicated data centres and strengthening its hybrid cloud 'as a service' capabilities. It has also began working with Lloyds Banking Group recently to move parts of its portfolio into the cloud.

Sebastian Krause, general manager of IBM Cloud Europe, told FStech that after the company’s cloud unit was founded in 2015 it took a hybrid and multi-cloud strategy.

“We provide an open architecture model, which differentiates us from other providers using proprietary technology,” he explained, noting that the 2018 acquisition of cloud computing firm Red Hat for a record $34 billion helped facilitate this strategy via the OpenShift platform – “something we think should be a de facto standard for the industry”.

Krause pointed to IBM’s long history providing technology to the financial services industry as being another key differentiator. “We understand business needs and the regulatory environment in Europe, so it’s no coincidence banks have been coming to us about cloud migration,” he commented, noting that IBM was the first provider to be certified by the European Banking Authority and signed up to the EU Cloud Code of Conduct.

“I think the easy ways of migrating data to the public cloud are over - the easy 20 per cent has been done, with the 80 per cent remaining are the mission-critical applications - IBM is trusted when enterprise IT capabilities are required,” Krause added.

Microsoft Azure

Microsoft has also leveraged the widespread use of its Office software suite by financial services firms to build cloud relationships in recent years.

At the start of this year, Lloyds announced it was partnering with Microsoft to accelerate its £3 billion digital transformation strategy. The new service will involve the development of Microsoft Managed Desktop, building upon a relationship started in 2017 to build and test the security requirements of banking systems and the cloud capabilities of Azure.

This is just the latest of a long line of partnerships Microsoft has signed in recent years to convert the widespread usage of Microsoft desktop applications within financial services into wider cloud storage packages.

At the end of 2019, Yooz announced a global partnership with Microsoft, combining the startup’s paperless accounts payable systems with the Azure cloud platform, while Allianz and Microsoft formed a strategic partnership focused on digitally transforming the insurance industry. Core pieces of its global Allianz Business System platform will move to Azure and it will offer a cloud-based marketplace for ready-made software applications and services tailored to the insurance sector.

In April last year, Banco Santander partnered with Azure to drive its hybrid cloud strategy, as part of a €20 billion digital transformation plan, stating its cloud and artificial intelligence capabilities will improve customer service and operational efficiency as a part of a multi-year agreement.

A spokesperson from Azure declined to comment.

Google

In recent months, Google has ramped up its financial services cloud partnership plan, striking deals with HSBC, Atom Bank and Refinitiv.

In March, Lloyds Banking Group also announced a five-year partnership with Google Cloud as part of its £3 billion digital transformation plans.

This followed a strategic partnership with Temenos, building on earlier collaboration with several joint banking customers in Europe and Asia. Temenos’ full suite of banking software and applications will now be available on Google Cloud’s Anthos, letting customers deliver workloads across on-premise and cloud environments; or even across multiple clouds.

Max Chuard, chief executive at Temenos, said he’s witnessed “explosive growth” in cloud adoption across the banking industry.

This deal with mobile-only challenger bank Atom in September, moved it from third-party on-premise data centres to Google Cloud to develop and release new products and services quicker.

Chief technology officer Rana Bhattacharya commented: “Atom bank has always had the ambition to be built in the cloud, along with the intent to scale.

“The types of products we offer today run very effectively on our current technologies but things have changed - to take advantage of the current innovation and build for future speed we’re re-platforming the bank - by leveraging Google Cloud, it will allow us to be cloud native, building more SaaS and creating an architecture that is efficient and resilient.”

Google Cloud did not respond to requests for comment.

Looking ahead

Market analysis by AXA Investment Management suggested that financial institutions will need to spend hundreds of billions of pounds on their IT systems over the next few years in order to be able to compete – with migrating data to cloud storage being top of the agenda for many. Banks alone are forecast to spend $296.5 billion on digital transformation projects globally by 2021, according to a report in October from the AXA Framlington FinTech fund.

Tom Bigham, partner in the risk advisory group at Deloitte, agreed that there has been an acceleration over the last couple of years in terms of financial services cloud migration – with cost savings, flexibility and support being the main driving factors. “Providers are also increasingly offering enhanced monitoring capabilities that supplement what firms can do already.”

An IT decision-maker for a UK high street bank told FStech that Microsoft “just gets financial services” and particularly understands the regulatory pressures, while Google is the least experienced in the sector and AWS doesn’t appear to need the customers and won’t modify support requirements to fit the industry.

“Azure is chasing the market, they committed to building a data centre in Switzerland for instance,” the person stated, adding: “If you’ve already got Office 365 installed then it’s clearly less hassle to move things to Microsoft’s cloud.”

Suchitra Nair, director in Deloitte’s EMEA Centre for Regulatory Strategy, explained that regulators have recognised the fact that there are significant cost savings with moving to cloud, so want to support the industry while managing the risks. “Of course, they can’t mandate the providers firms use in an attempt to avoid concentration risk, so their focus is on ensuring operational resilience.”

An outsourcing register was one measure proposed in the UK regulator’s most recent consultation paper, in order to better understand the scale of concentration risk, meanwhile the recent European Commission consultation proposed an oversight framework for third-party tech providers and has sought feedback from firms on a number of areas, including rotation of cloud providers.

“Firms are being encouraged to build in stress scenarios, making provisions and testing systems,” said Nair. “There has been a trend towards bigger financial services firms taking a multi-cloud approach, they must be more proactive and understand where their critical services are as complexity increases.”

Another financial services IT decision-maker, who wished not to be named, said that AWS is actively pursuing increased financial services market share and has worked with regulators in various regions to ensure compliance. However, someone else FStech spoke to for this piece said that given AWS’ scale, there isn’t often a lot of negotiation to be had. “It’s basically take it or leave it,” they commented.

“The rate of innovation means you can’t keep competitors out and you’ve got no control over which provider becomes dominant, so it makes sense to work with more than one,” he stated, noting that it’s a trade-off between getting better value with one service provider and the fear of being locked in.

Share Story: