Supplements » FundTech Winter 2019

The Cloud: Cloudy with a chance of risk

Digital_abstractFirms are turning to the cloud in increasing numbers, but not all of them are aware of the risks involved. Nicholas Pratt investigates.

Financial services of all types have grown more comfortable with the cloud. Furthermore, they are prepared to move more of their operational assets to the public cloud. In 2019, Deutsche Bank announced plans to move the majority of its applications from “expensive and inflexible physical servers” to the cloud. And in July, HSBC signed an agreement with Google Cloud to expand its use of cloud technology and adopt a ‘cloud first strategy’.

Meanwhile, a survey from US-based Tabb Group found that 7% of buy-side firms plan to adopt 100% cloud adoption in the next 12 months. While this may not be a massive number, it is 7% more than in the same surveys run in the previous two years.

Increasingly asset managers are no longer looking at the cloud as just a cheaper option for their IT infrastructure but as a way to manage their administrative burden and their application development. For example, IHS Markit found that 80% of asset managers in Europe and North America plan to use the cloud for their data management by the end of 2020.

The IHS Markit survey also found a growing awareness of managed service providers (MSPs): specialist IT services firms that help firms manage their migration to the cloud. The potential growth of the MSP market was spotted by global private equity giant Blackstone in 2018 when it acquired Cloudreach, which it describes as one of its ‘tactical opportunities portfolio companies’.

One of the main reasons for the popularity of the MSP market is that the cost, work and risk involved in migrating to a cloud-based platform can sometimes be overlooked by firms that have decided to manage the migration on their own. In the eyes of some MSPs, this move is akin to deciding to do your own loft innovation or represent yourself in court.

“Trying to maintain an efficient operation during that migration creates a huge operational risk,” says Jed Gardner, senior vice president, Linedata Technology Services. “You are taking that traditional IT structure and moving it to an outside environment, but in most cases you are not moving everything, so you now have two different operational locations. Using multiple cloud providers poses even more of a challenge, especially in terms of security and regulatory issues.”

For example, national laws around data portability are inconsistent. While a number of countries have clamped down on allowing data to leave its borders, others have become more relaxed. For example, Switzerland has rolled back decades of banking secrecy laws to enable clients’ data to be stored abroad in the cloud.

Focused on security
Regulators are also becoming more involved in the oversight of security at cloud providers. Luxembourg issued rules for fund managers using the cloud, while the European Central Bank has also issued warnings to banks employing cloud providers regarding the monitoring of security protocols. Employing an MSP is consequently a necessary step for firms operating in the cloud across several jurisdictions with different rules.

An MSP can also help manage some of the cultural challenges involved. The fear of change can make any cloud migration a challenging journey. Old habits and the status quo will be broken as the way that teams craft software or use automation will change.

Closely aligned to the cultural challenge is the skills deficit. New technologies mean new ways of working and cloud migrations can often expose a skills gap, which may require retraining of existing staff or even the recruitment of new talent. Neither is easy. The former involves overcoming some of the aforementioned cultural issues while the latter is no longer as straightforward as it once was, with big tech proving more of an allure than financial services to the next generation of technologists.

Firms can also fail to consider the full financial cost of such moves, including data, application and API integration, says Gardner. This is especially true for the smaller fund managers that do not have large technology teams and are keen to benefit from the operational advantages of using the cloud. “They may have lots of applications involved in a migration. Losing access to any of those would have a huge impact on their daily business.”

In the past, the easiest option was to pretend such obstacles weren’t an issue, but Gardner says that’s changed as awareness around cyber risk and vendor due diligence increases. However, there is still a lot of ground to make up. “Asset management has been heavily underprepared,” he adds. “Firms need to think differently about who they engage with. They should choose partners that understand asset management operations, and not just cloud technology.”

If done correctly, public cloud migrations offer plenty of benefits, but the motivation behind the migration is also important, says Gardner. “If you’re looking at how you can generate operational alpha through the cloud and other new technology, like containerisation and APIs, that’s all great. But if your primary aim is to save some money, that is not the right reason to be migrating.”

Important benefits
Firms also have to consider exactly what processes or functions are best suited to the cloud. For example, some of the benefits include a more agile environment for application development or automated testing of those apps – benefits that will be increasingly important as firms look to be more innovative.

Eze Castle Integration provides managed IT services for both the public and private cloud, including outsourced IT services support for migrations, teams of engineers and cyber-security support.

“We spent many years migrating fund managers on to our private cloud, but we are now seeing an increasing number of larger firms using the public cloud,” says chief technology officer Steve Schoener.

“Greater comfort comes with time and more firms found they were being asked why they were not in the cloud. It can enhance operations, especially disaster recovery and resilience. The idea of data sitting in the office is dying. And firms are being asked how they securely store investors’ data.”

Nevertheless, to gain the benefit of enhanced security, the migrations have to be done correctly, says Schoener. “People want to do things themselves, but this can create security risks. Typically it is not AWS or Azure that get hacked. Instead, the connection with the cloud provider can be badly set up in the migration. We have seen it ourselves several times and have developed implementation standards as a result. A lot of firms try it themselves, mess it up and then come to us.”

Managed_service_providersIt is a familiar theme for MSPs that their clients often fail to put in place someone with the adequate qualifications to manage the operational risk involved with cloud migrations. “We are typically dealing with COOs and CTOs and compliance teams rather than risk staff,” says Linedata’s Gardner of his engagements with fund managers.

“It varies hugely and depends on how big the organisation is. In a lot of mid-sized organisations, the COO is also covering a lot of operational risk issues. Although they may understand operations, they may not necessarily understand operational risk. As you get to the larger firms, they will hire dedicated operation al risk managers.”

An additional problem is the opposition to letting third parties manage something like operational risk, preferring to keep it in-house. While this may be fine for a big firm with adequate risk resources, it is less helpful for smaller fund managers, says Gardner.

“Some managers are not managing operational risk adequately but are worried that outside firms wouldn’t understand their specific requirements well enough to help them. By the time they do realise they need outside help, the damage may already be done. If the industry could accept the value of outside firms in managing operational risk, it would be better.

“Many firms realise they have a problem but don’t know what to do with it, so they make it worse. On operational risk, it really doesn’t need to be like that. Know what your risks are and accept that you can fix your risks in various ways, including the use of third parties,” says Gardner.

© 2020 funds europe

Thought leadership

AXA_IM_native_image

What should investors expect in 2024?

For the year ahead we expect lower growth, lower inflation and limited interest rate easing. Find out more in AXA IM’s Outlook 2024.

DOWNLOAD THE FULL OUTLOOK »
Ocorian switching admins native

Why are managers switching fund administrator?

13% of alternative fund managers are looking to switch their fund administrator over the next 18 months. Find out why.

DOWNLOAD NOW »

Euroclear_PM_white_paper_native_image_400x103

This whitepaper outlines key challenges impeding the growth of private markets and explores how technological innovation, when bolstered by the operational experience and global reach of FMIs, can provide solutions to unlock access to private market funds for a growing investor base.

DOWNLOAD NOW »
UBS_commodities_native_image_Nov_2023

Transporting goods by sea is the lowest carbon way of transporting goods. That said, the shipping sector contribute 3% of global carbon emissions, so we need it to get to net zero. Breakthrough technologies have the power to reshape the industry and drastically reduce its environmental footprint.

LEARN MORE »

Executive Video Interviews

Why fund admin tech is a key competitive advantage

Cian Hyland, Strategic Client Relationship Director at Deep Pool Financial Solutions spoke to us about how technology enables efficient data management, reporting automation and secure data access.

Insights from State Street

Cuan Coulter, Global Head of Asset Managers and Head of UK and Ireland at State Street, discusses how fund managers decide between the two cross-border fund domiciles, namely Ireland and Luxembourg, and why asset managers find managing data so difficult.

Unlocking access to private markets

Vincent Clause, who heads the global funds strategy at Euroclear and David Genn, CEO of Goji, sit down with Funds Europe to explain how technological innovation, bolstered by operational experience and global reach, can provide solutions that unlock access to private markets.

Sustainable investing in the DC world

Claire Felgate, a specialist in UK defined contribution pension schemes at asset manager BlackRock, talks with Funds Europe editor Nick Fitzpatrick about how - and the pace at which - DC pension schemes are adapting to the requirements of sustainable investment.

arrows

Webinars

Watch our webinar for a deep dive into the findings of the fresh-off-the-press EU Taxonomy 2023 Insights Report, based on Clarity AI's best-in-class coverage of EU Taxonomy reported data and CDP industry-leading environmental datasets. 

In this webinar, we discuss tools for optimising fund data management and distribution, the role of global fund classifications and ratings, and how technology and automation enhance data integrity and insights.