The Compliance Imperatives for Moving to Public Cloud
For many financial services firms, the path toward the cloud began long before the global pandemic, typically driven by a combination of two forces:
- The demands of the business to stay competitive, requiring that firms consistently add new offerings, appeal to a new generation of first-time clients, and capitalize on broadening geographic markets
- Technology modernization, as firms with legacy on-premise technologies are not equipped to address the collaborative, multi-modal data types that are now integral to business communication
The heavily regulated financial services industry has made big strides in the shift to digital. However, around 70% of financial organizations say their cloud projects are still in the initial “trial and testing” phase.
What’s holding firms back from fully transitioning to cloud-based services? And why is it more important than ever for compliance teams to embrace cloud-centric solutions?
5 obstacles to change
We have discussed this conundrum with compliance practitioners, strategic partners — including AWS — and within FINRA and SIFMA industry forums. The most common barriers and challenges being expressed include the following.
1. Perception of data security in the cloud
At the recent FINRA Cloud Computing Conference, attendees shared their concerns on moving to the cloud:
The survey indicated several areas of concern, including the possibility that a concentrated market of cloud storage providers creates clear targets for large-scale cyber attacks, and that moving data to, from, and (potentially) among cloud providers may increase the risk of data loss.
2. Operational resistance to change
This element combines common responses, including:
- "That’s not how we do it."
- "It’ll take too long to retrain our compliance tech staff."
- "I prefer to see our data."
This kind of resistance is understandable in the financial services industry. But it does not take into account how long existing processes can be sustained. Increasing data volumes, and the increased energy it takes for compliance staff to supervise messages or investigate false positives, are incredibly resource intensive.
It also ignores the chance of financial, legal and brand damage due to compliance mishaps that could have been avoided with more efficient, modern technologies.
3. Compliance application resilience
In this context, resilience is not just about the unavailability of compliance applications due to a possible cloud service disruption. It’s also about the risk that compliance workflows can be impacted by cloud performance issues, which could slow data ingestion, search and retrieval, or export of data required for time-sensitive compliance tasks.
Considering that many firms lack production-level experience in this area, this concern might also fall into the “fear of the unknown” category, in contrast to the known processes for restoring systems or provisioning additional storage or processing power for on-premise compliance technology (as expensive and disruptive as those are known to be).
4. Inadequate compliance controls
On-premise compliance applications have decades of development baked into a firm’s infrastructure and workflows. Most likely, features and access controls were designed to operate in proximity to messaging and directory infrastructures. Firms that follow this approach may believe that their custom-built compliance controls can’t be matched by cloud technology.
In reality, this belief prevents organizations from accommodating evolving regulations, technology and practices. Each change requires a stop-gap that solves the immediate issue without consideration of future growth and challenges. This commonly results in bloated compliance controls that require customized maintenance and training while being sluggish in the face of change.
Cloud-based compliance controls are often developed in conjunction with messaging vendors. There won’t be a need to customize connectors for a specific firm’s infrastructure. Problems and incidents will become far less common and maintaining and supporting solutions much less costly.
5. Economic justification
Moving to the public cloud has a future cost saving component and a huge reduction in capital investment. But at the same time, it means jettisoning an infrastructure that may have years of useful life remaining. It also means running the two systems in parallel for a period, which can elevate costs and require investment at least in the short run.
The cloud-based digital transformation is well underway, and it’s a matter of time before it dominates the landscape. While the importance of cost reduction, flexibility and security can’t be overstated, its real power is that it turns infrastructure into a competitive advantage for the firm, turning an overhead cost center into a marketing tool.
Because of this, firms are revisiting the earlier assumption that moving to the cloud is an unnecessary cost. As a result, more firms are adjusting migration strategies to fit within financial projections and looking at business benefits more holistically to justify the move.
Moving past the challenges
In our recent guide — "The Cost of Doing Nothing: Public Cloud" — we explore these common obstacles further. We discuss why reality runs counter to these arguments, how to move forward, and — most importantly — why maintaining the status quo (i.e., "doing nothing") may be the greatest cost of all.
You’ll also learn why and how cloud-based compliance applications address:
- The ever-growing set of communications and content types (chat, text, social, voice, etc.) that regulated users need to engage with clients
- The increasing volume of communications data, by adopting artificial intelligence and machine learning to augment supervision processes
- The legal and privacy needs of global organizations operating across jurisdictions