This is a continuation of my post The Digital Corporate Bank, Part One: Payments in the Cloud, on The Finanser – for the full background, read that post on the Finanser, https://thefinanser.com/2019/09/corporate-cloud-based-payments-whats-that-all-about.html/

There are three major areas where corporate banks need to modernise in order to achieve their full digital potential, and generate truly outstanding corporate customer payments experiences: moving payments to the cloud; fast-tracking real-time / instant payments adoption; and embracing open banking and APIs.

In this post we’ll look at the first, payments in the cloud. We’ll look at the benefits of the cloud for corporate payments, and close with some thoughts on how some former blockers to adoption are no longer a cause for concern, particularly in light of emerging use cases for cloud servicing.

Benefits of cloud servicing for corporate banks

Cost-effectiveness: It will save money. Studies from many industries, both within and outside financial services, show fairly consistently that implementing the right cloud strategy can save up to 40% in ongoing operational cost. A principal reason for this is reduction in the cost of compliance, in addition to savings on raw infrastructure. Corporate payments services are no exception.

Scalability: It will help them manage rising volumes much more effectively. This is not merely a technical matter: with electronic payment volumes rising faster at 9% CAGR or more (depending on region) than payments revenues, margins are under pressure. So a strategic approach to scalability is a must for maintaining a healthy business.

Customer value creation: Freeing up budget and resources formerly dedicated to running infrastructure will help accelerate the development of compelling customer value propositions and experiences, which is the whole point in the end of becoming a digital corporate bank. This is not a mere “nice to have” – corporations have shown that they will vote with their feet, moving their transaction business to banks that can provide superior service. 

Global support: operating a full processing service 24*7, a key element in both real-time payments and the API economy. The importance of this should not be underestimated. APIs that aren’t instant don’t make sense, and almost all payment schemes – not just newer real-time / instant ones – are moving to 24*7 or expanding operating windows. Taking advantage of the always-on nature of cloud, and the scalability of managed-service providers in running infrastructure on the bank’s behalf, makes perfect sense.

Former barriers to adoption and how they are being removed

Those who are still on the fence seem to be there because of persistent myths, such as:

It’s not secure enough: this might have been true at one point, but the reality is that cloud services are now arguably more secure than traditional bank data centers. There is no way that even a large bank can spend the type of money on security and data protection that cloud providers like Microsoft Azure and Amazon Web Services do, in excess of $1bn every year. Clouds are much tougher to hack into than physical data centers, because of the way data is distributed and stored, across a much larger array of physical servers.

I’ll lose the customer data: this is something of a red herring because the majority of data loss situations are caused either by application errors or human malfeasance, both of which are independent of technology delivery. Viewed purely from the perspective of backup and data redundancy, cloud services have built-in data protection and replication services that far exceed the abilities of mid-range bank IT shops. And properly run managed services, whether cloud or not, do ensure that banks have the same—or better—access to their data relative to their own data centers.

It won’t pass compliance: this chestnut can finally be put to rest. Regulators in multiple jurisdictions have already given clouds like Azure and AWS, among others, the green light for financial transaction processing. Consider that FINRA, the U.S. financial market watchdog, has been using the cloud for years, and now has 60 petabytes of market data in the cloud (!). They’ve even published a handy, if techy, guide for moving production systems to the cloud: http://technology.finra.org/articles/moving-your-production-system-to-cloud.html.

Cloud and outsourcing: not the same

Many banks used to consider cloud to be the same as outsourcing, but the two areas are very different. Sure, you are moving infrastructure, software or hardware to third party platforms but, unlike outsourcing, the bank may still be in control of that infrastructure, software and hardware. In an outsourcing relationship, the third party owns the platforms and runs them; in a cloud relationship, the third party provides the platforms and can run them in a public cloud operation, or the bank can run them in a private cloud operation. It’s very different.

This is clarified well in a 2017 white paper https://www.bba.org.uk/wp-content/uploads/2017/02/BBA01-470474-v1-BBA_PM_-_Banking_on_Cloud.pdf from the British Bankers Association (BBA, now UK Finance). The paper makes clear that banks have issues with several areas of cloud usage including:

• whether the cloud is running mission-critical services
• the supervision of the cloud provider by the relevant financial regulatory authorities
• issues around where the data is physically stored, and whether it breaks national laws if held overseas;
• the risk of said data being shared outside the bank, especially as it pertains to customer privacy and cybersecurity; and
• the potential issues of contract termination and exit from cloud services provision.

These are real areas of concern and are being developed and worked upon by banks, service providers and regulators across the world. Possibly one of the most advanced territories where these concerns have been addressed is in Singapore, with the Monetary Authority of Singapore (MAS). The result is that, in August 2019, the Association of Banks in Singapore (ABS) published their revised recommendations for cloud usage https://abs.org.sg/docs/library/abs-cloud-computing-implementation-guide.pdf, which clearly shows that cloud is not one homogeneous market sector area, but a complete smorgasbord of services from infrastructure to platform to software that can be bank managed or managed by a third party. It is all dependent upon what service is being moved to which cloud as to the risk considerations to consider in such a move.

Mapping a way forward

Once the theoretical dust has settled, practical steps need to be taken. Where is the best place for corporate banks to start their cloud journey? I can think of three specific areas:

1. Accelerating the onboarding of corporate payments files: Dealing with the complexity and variety of corporate payments submissions – ISO 20022, proprietary, custom ERP formats and so on – is a major headache for bank IT departments, and slows the onboarding process. Outsourcing this function to a cloud-managed solution is a natural place to start, since it doesn’t require touching core systems.
2. Open banking and PSD2: while most banks have already addressed basic PSD2 compliance, it’s a long journey from there to becoming a true API platform bank. APIs are much more effectively delivered, and are more easily consumed by corporations and fintech partners, in the cloud.
3. Real-time / instant payments: given that no-one knows how quickly volumes will rise – other than ‘quickly’ – or exactly how banks will monetize these new payment types, it doesn’t make sense to take a traditional infrastructure approach. Also, since RTP is new, there are no legacy systems to migrate from, making real-time payments an ideal fit for cloud service.

On that last point: to help banks speed their cloud journeys, Volante is offering a full three years of cloud-managed processing for any one real-time / instant payment type – U.S TCH RTP®, EU TIPS, or EU RT1, as you like – completely for free. Learn more here: http://volantetech.com/freertp.