PYMNTS-MonitorEdge-May-2024

Compliance In The Clouds: How The Pandemic Is Affecting Banks’ Cloud-Native Futures

Banks must adhere to shifting payments and data-privacy regulations as more consumers go digital. In the latest Digital Banks And The Power Of The Cloud Tracker, Rudolf Schmidt, chief technology officer for German challenger bank Fidor, explains how harnessing the cloud can help banks quickly and flexibly ensure compliance.

Banks in the EU have been racing to comply with the General Data Protection Regulation (GDPR) and the revised Payment Services Directive (PSD2) since both measures were enacted in 2018.

These rules govern how digital banking is managed and which types of data are considered sensitive, and they were developed to keep pace with a steady rise in digital banking adoption. The number of consumers taking to digital channels for their financial needs has skyrocketed during the pandemic, however, harshly testing these relatively new rules.

Cloud-based solutions could be key to offering the flexibility that is necessary to ensure compliance with quick-changing regulations, however, and financial institutions (FIs) that have not moved their banking infrastructure to the cloud are likely at a disadvantage, Rudolf Schmidt, chief technology officer at German challenger bank Fidor, said in a PYMNTS interview. He explained that the cloud can help FIs swiftly respond to compliance and security challenges during the pandemic.

“With regulations governing open banking, [like] PSD2, and storage of data, [like] GDPR, we now have an even stronger case to securely open our systems to external partners,” Schmidt said. “Traditional monolithic software can limit the ability to apply even simple updates in a short time. This is where cloud-native and microservice applications come in. They [focus] on specific business logic, require engineering discipline and enforce standards. So, evolving regulatory requirements can be built into new services proactively instead of [as] an afterthought. Adding the flexibility to scale and deploy software individually has helped us during the pandemic.”

Applying changes at scale is critical for FIs during the health crisis, but it comes with its own challenges. The pandemic’s effects on online banking and cloud solution usage may significantly affect how such technologies are deployed — and what standards are set for their use — in the near future.

The Cloud And Compliance Challenges

FIs in Fidor’s native Germany should by now be familiar with the standards set by GDPR, PSD2 and other regulations aimed at online banking. Such rules determine how different entities can access the data banks hold, Schmidt explained, including standards for private companies and law enforcement agencies.

“Coming back to ‘What is the compliance aspect?’ at least for Germany and Europe, the regulation is well-defined [for banks],” Schmidt said. “The guidelines for cloud computing cover aspects around jurisdiction and location of data, availability of your services, incident handling and recovery. They also regulate how investigation inquiries from government authorities are handled. So, [there is] quite a list of controls and measures that are required when outsourcing to cloud providers.”

The pandemic is revealing to many FIs that such guidelines are necessary as they grapple with providing speedy digital service to a growing number of customers. Most EU banks are not necessarily struggling to ensure that their cloud-based services comply with regulations, Schmidt explained, but they are straining to be certain their cloud-based solutions are operating harmoniously. That means identifying cloud-based offerings that can seamlessly integrate with existing core banking systems and allow the bank to scale both now and in the future.

“Not every aspect of [one’s] banking infrastructure is ready for the cloud, so you need to thoroughly address that,” Schmidt said. “I think, in general, apart from the technical transformation, [you need to consider] what this [migration] means for your staff because you need to provide training and certainly certification as well to adequately operate a financial solution.”

Schmidt noted that the pandemic has also shifted FIs’ views on cloud-based solutions’ benefits. The technology’s speed and seamlessness have long appealed to banks, but many are now also eyeing the cloud to keep their data secure.

Security Takes Center Stage

Fraud is slowly creeping up the longer the pandemic persists, prompting many customers to more intently scrutinize banks and businesses to ensure their details are protected. This means FIs are also taking a closer look at their online data security and examining how cloud-based technologies could help them shore up any weak points.

“The main aspect is perceived security,” Schmidt said. “In the end, many [cloud] customers are coming from an on-premises environment. The processes are designed around this, so moving to the cloud requires careful evaluation and [rethinking] how security aspects are guaranteed to the same level. During the past few years, however, the adoption rate has clearly increased.”

Overcoming that reluctance may be key to enabling FIs to follow their markets’ regulations and engage with digitally-savvy yet fraud-wary consumers. Having flexible, efficient core banking infrastructure is becoming essential to competing in the global financial world, making the role of cloud technologies more important than ever.

PYMNTS-MonitorEdge-May-2024