As capital markets have continued to evolve at a rapid pace – with increased regulatory scrutiny showing no sign of let up – 87% of companies have increased their investment in the cloud over the last two years, according to a recent report by the London Stock Exchange Group.
The ‘cloud strategies in financial services’ survey includes insights from financial firms across the industry, including banks, private equity, investment management, asset management; broker dealers, hedge funds, pension funds, and more.
As the increased adoption of the cloud across financial markets continues on its trajectory, the reality of regulatory focus on these activities does not look to be set to change any time soon.
The recent LSEG survey found that 84% of respondents have already had to make ‘at least moderate changes’ to their cloud strategies directly due to regulations such as the EU’s Digital Operational Resilience Act (DORA) and the EU’s General Data Protection Regulation (GDPR).
However, this has been met with understanding in many instances, as the industry as a whole recognises the importance of maintaining sensible cloud practices.
“Firms may also understand that some of the regulations – such as those around security and operational resilience – are a rational response to significant risks, because the firms are wary of the same risks themselves,” explained LSEG.
Read more: LSEG expands AWS existing relationship with cloud collaboration
When it comes to the selection of CSPs, LSEG found that a huge majority of respondents believe operational resilience to be the primary motivator for selecting a cloud provider – specifically, 92% said it was ‘very important or critical to the selection’.
Moreover, 51% of those surveyed confirmed that they assess cloud investment ROI through the ability to scale, while 47% do so via revenue growth.
The importance of upkeeping high standards, and not solely focusing on costs, is demonstrably echoed across the industry time and time again, with quality data in particular widely regarded as the life blood of the financial markets.
The recent LSEG report confirmed that 47% of its respondents were using the public cloud for market data and pricing.
The same percentage also highlighted that the sophistication of cyberattacks remains their primary security concern with adopting cloud services – a clear indication of where the communal focus is, and is set to remain.
The LSEG survey included responses from a wide range of industry entities, with 51% hailing from the banking industry, 37% in investment, and 12% in wealth & advisory.
In response to increased adoption across the industry, just last week European watchdog ESMA also shared its final report on guidelines for firms which outsource to cloud service providers, recommending a risk-based monitoring approach to the arrangements.
In the update, ESMA explained: “A firm should monitor the performance of activities, the security measures and the adherence to agreed service levels by its CSPs. This monitoring should be risk-based, with a primary focus on the critical or important functions that have been outsourced.
“[…] A firm should reassess whether its cloud outsourcing arrangements concern a critical or important function periodically and whenever the risk, nature or scale of an outsourced function has materially changed.”
Also included in ESMA’s recent update were guidelines around the importance of pre-outsourcing analysis and due diligence, including identifying the potential for conflict of interest.
“Before entering into any cloud outsourcing arrangement, a firm should: a) assess if the cloud outsourcing arrangement concerns a critical or important function; b) identify and assess all relevant risks of the cloud outsourcing arrangement; c) undertake appropriate due diligence on the prospective CSP; d) identify and assess any conflict of interest that the outsourcing may cause,” affirmed the watchdog.