65 per cent of cloud services are provided by just three entities, whose dominance is raising concerns among financial regulators, a report by the Association for Financial Markets in Europe (AFME) has found.
The AFME report, entitled ‘State of Cloud Adoption in Europe - Preparing the path for Cloud as a Critical Third-party Solution’, finds that this entity dominance, among other factors, is making it more difficult for firms to adopt cloud services and fully leverage their potential.
Financial institutions are also subject to multiple different regulators that may ask for the same information in different formats and through different channels, the report adds, with regulatory fragmentation and long approval times preventing financial institutions from innovating and slowing the pace of cloud adoption.
AFME cited the management of disruption in the cloud as a significant barrier to further innovation, with several high-profile cloud service outages highlighting the need for greater visibility and confidence in cloud providers’ abilities to predict, manage and communicate disruptions.
This is mainly due to the fact that “regulators expect financial institutions to have primary responsibility for resisting threats to operational resilience, to guard against service disruptions and to recover from incidents,” the report outlines.
AFME suggests nine recommendations for policymakers to address these challenges, including considering how cloud solution providers (CSPs) could be encouraged to provide greater transparency on resiliency, dependency and security issues within cloud services.
It outlines that greater visibility and analysis of dependencies between regions and the underlying control plane within each CSP is paramount. It also says that the adoption of multi-cloud strategies should remain at the discretion of individual financial institutions and should not be mandatory. Such a mandate could increase, rather than address, systemic concentration risk, the association warns.
In terms of regulatory complexity, AFME requests that authorities consider an approval model for deploying services to the cloud at a platform level, or remove time requirements for notifications, to reduce delays in the approval process.
The association also encourages greater coordination between the European Central Bank, European Supervisory Authorities and National Competent Authorities to ensure a consistent application of outsourcing. It asks that Information and Communication Technologies’ third-party registers also ensure minimum duplication for financial institutions and supervisors.
In addition, it requests that policymakers and regulators refrain from requiring localisation of data or cloud hosting solutions, as this challenges resilience, inhibits innovation and increases operational complexity.
Published in collaboration with Protiviti, AFME’s report follows a September 2021 publication outlining the key regulatory barriers to the greater adoption of cloud services in capital markets – ‘Building Resilience in the Cloud’.
Fiona Willis, associate director of technology and operations at AFME, says: “The benefits of cloud technology for the growth of the financial services sector are clear. [It allows] financial institutions to deliver agile, scalable and resilient services to their clients. However, our report finds the rate of adoption of cloud technology is currently being held back by overly complex and unharmonised regulation.”
She adds: “AFME members believe it is essential that policymakers, in the EU and globally, do not inadvertently impact the continued adoption of cloud services. We therefore make key recommendations to help ensure regulators and policymakers can work together to unlock the full potential of cloud opportunities for the financial services sector.”
James Fox, director of Enterprise Cloud at Protiviti, comments: “Regulators are quite rightly taking steps to make sure that the application of cloud technologies within financial services is properly regulated to avoid any potential risks or issues that could harm the global financial system.
“However, a careful balancing act needs to be struck between properly regulating cloud technologies and not stifling innovation and competition within the financial services sector, and as our recent report shows, the current regulatory complexity is making it more difficult for financial institutions to adopt the cloud.”