From sovereignty and security to governance and compliance, banking in the cloud demands new ways of thinking and working. Traditional banks, digital banks, and banking as a service (BaaS) providers alike need to make well-informed decisions to ensure cloud-based applications are robust and resilient. However, it’s not always easy to navigate the many options and obstacles that inevitably arise on the cloud adoption journey.
Security, Resiliency, Operational Efficiency
Recognising the unique challenges of the financial services sector, major cloud providers are offering specialist guidance that can benefit banks. Amazon Web Services (AWS) has published a dedicated Financial Services Industry Lens for its Well-Architected Framework so customers can understand the pros and cons of decisions made when building systems. It describes “how to design, deploy, and architect financial services industry workloads that promote the resiliency, security, and operational performance in line with risk and control objectives…including those to meet the regulatory and compliance requirements of supervisory authorities.”
Typical scenarios considered by AWS include those related to storing and handling financial data, regulatory reporting, and open banking. The guidance also details four general design principles that are pertinent to the sector. These include documented operational planning, automated infrastructure and application deployment, security by design, and automated governance.
Satisfying these principles requires a deep working knowledge of cloud architectures, tools, and services. Our global team is well-versed in these areas, and in the specific requirements of banks and relevant authorities. Read on for some examples of how we’ve helped traditional banks, digital banks, and BaaS providers realise their cloud ambitions.
How Sourced Helped a Traditional Bank Adopt Cloud-Native Principles
A large UK banking group needed to modernise its cloud-based finance and risk data platform to improve the speed and simplicity of engineering. The platform handles more than 100 million transactions per day, many of which are governed by stringent regulations. When regulatory requirements are updated or new sanctions are introduced, it needs to adapt quickly. But historically the bank found this challenging due to the large codebase and tight coupling between various components.
Specialist engineering expertise was needed to boost the platform’s cloud maturity. It was hosted on AWS and built using the open-source infrastructure as code tool Terraform. We simplified use of Terraform, making it easier for the bank’s teams to exploit AWS capabilities to meet changing regulatory and compliance needs. The changes quickly delivered material improvements to the speed and quality of engineers’ output as well as laying strong foundations for future development. Find out more about the engagement here.
Maximising Platform Security Ahead of a Digital Bank Launch
UnionDigital Bank (UD) needed to satisfy requirements set by Bangko Sentral ng Pilipinas (BSP), the central bank of the Philippines, to obtain a licence to operate. This demanded sophisticated cloud security measures, and the team was facing regulatory challenges that it hadn’t encountered before. We were engaged to ensure quick and effective implementation of advanced cloud security tools, approaches, and controls in line with BSP requirements.
Since AWS Control Tower was being used for the banking platform’s landing zone we focused on leveraging its built-in governance capabilities. This allowed us to meet BSP’s stipulations in an efficient and effective manner. We also used the AWS Config conformance pack for Center for Internet Security (CIS) benchmarks, which provided basic detective and corrective control coverage. AWS Key Management Service (AWS KMS) was used for encryption, with a pipeline created so UD teams could easily request keys to secure applications.
Enterprise regulation dictates that all logs should be held in a Security Operations Centre. We achieved this using AWS Kinesis Firehose to extract Amazon CloudWatch logs in real-time and sink them into a centralised S3 bucket. Finally, we took steps to ensure standard operating environments for the bank’s compute workloads.
These measures were instrumental in UD’s successful application for a banking licence. It launched in July 2022. Read the full case study here.
Migrating a BaaS Platform to a New Geographic Region
White-label BaaS solution Standard Chartered nexus (SC nexus) needed to migrate from AWS Asia Pacific (Hong Kong) to AWS Asia Pacific (Jakarta). The migration had to be completed within a tight timeframe to meet the needs of a key partner.
Notably, some of the required AWS services were not available in the Jakarta region at that time. To overcome this, we architected compliant workarounds which met regulatory standards. We worked closely with the application team at SC nexus and relevant departments from Standard Chartered Bank to deliver two core outcomes:
- Swift migration – a migration that would usually take one year was successfully completed in nine months.
- Regulatory compliance – the new set-up complies with all relevant financial services regulations in the region, from data localisation to security requirements.
The migration enabled SC nexus to deliver a full retail banking capability within Indonesian e-commerce firm Bukalapak’s ecosystem. This facilitated the launch of digital banking platform BukaTabungan in September 2022.
Find out more about the technical challenges and how we overcame them here.
Strong Cloud Foundations are a Critical Success Factor
With cloud adoption on the rise in banking, strong foundations are of paramount importance. This underpins best practice across all disciplines, from security to scalability and operability to cost management. Expert implementation of cloud technologies is one part of the equation, but understanding the specific requirements of banks and supervisory authorities is also key. The Central Bank of Malaysia’s forthcoming Cloud Technology Risk Assessment Guideline is a case in point.
Find out how we can help you unlock the business benefits of cloud adoption quickly and securely.
With 20+ years in financial services and technology, Robert has worked on 3 continents helping customers effectively transform their businesses through adopting new technology, process, and strategy. Initially focused on institutional banking, recent years have had a bias towards insurance technology transformation, latterly as CRO at Ignatica a Hong Kong based insuretech looking to address the challenge of monolithic administration systems through microservices technologies.