Financial Institutions and joining force to solve the cloud compliance dilemma.
Regulation of cloud services is intensifying and for financial institutions it has become a major threat to their growth and innovation.
Companies are finding that they are having to invest huge resources into ensuring cloud security, data protection and privacy. There are now an overwhelming number of jurisdictional and regional mandates for cloud security. It is proving costly and complicated for companies to comply with these often conflicting and constantly evolving regulatory demands.
Because of their cloud compliance concerns, companies are finding themselves hiring large amounts of staff just to do little else than monitor new internet regulations, assess their impact and implement the necessary changes to security frameworks and internal controls. These processes are extremely labour intensive, largely because they are handled manually.
Many firms are desperate to find a a better way. So too are the cloud service providers (CSPs). They are also finding themselves encumbered by the new regulatory demands.
Developing an Industry Standard for Compliance
Each time regulation changes or a new regulation is introduced, CSPs and the companies that use their services need to work out the corporate implications. Both need to ensure that they are compliant and that regulators’ security, privacy and resiliency requirements are being met, especially when non compliance can result in hefty fines.
Financial firms, CSPs and Regulators all share a common objective when it comes to the cloud. They want a simpler, more streamlined governance. They believe the answer lies in standardising the current surplus of regulatory requirements and controls and then automating compliance.
In May 2017, an initiative was launched by IBM to build an industry standard cloud control framework for financial services.
The idea here, was to ask financial services stakeholders to form a working group that would establish standard cloud controls and requirements for each jurisdiction and each case.
As of October 2017, 30 financial institutions have agreed to participate in the project.
The indication from such a strong showing is that frustration with regulatory compliance is in urgent need of a solution.
For over 90% of these companies their no 1 obstacle for cloud adoption is identified as regulatory compliance. All want to take advantage of public cloud solutions but fear that any gains they make economically will be negated by the high cost of compliance.
Automating Cloud Compliance
IBM have produced a new white paper Turning the Regulatory Challenges of Cloud Into Competitive Advantage,”
It makes the case for an industry standard framework and control library as the essential foundation for simplifying and automating compliance. And explains the opportunity in front of financial services to solve the regulatory compliance dilemma.
Advances in cognitive computing, artificial intelligence and analytics, it predicts will provide the technology to enable this framework.
It is already possible to update industry-standard frameworks and controls automatically and not notify companies when regulatory changes occur using these technologies.
Cognitive technologies have the potential to manage financial services companies cloud compliance dynamically, updating internal frameworks, polices and controls in near-real time in response to changes from regulators.
Companies will be able to access the industry standard framework and control library as a utility service as needed to dynamically adapt to and consume updates without compromising their own control libraries or proprietary frameworks.
These capabilities, known as cognitive regulatory compliance, will mean financial services will be able to continuously align with regulators and the controls they are enforcing. They allow companies to stay on top through rigorous monitoring and automatic notifications.
Cognitive regulatory compliance does away with the manual processes and procedure that impede cloud adoption. Financial services companies will be able to monitor the cloud ecosystem end to end, vital for widespread adoption.
There is an opportunity for financial services companies to lessen the burden of cloud compliance by working more closely with regulators and CSPs.