by Wolfgang Prinz, VP Global Platform Management, Wolters Kluwer
Outsourcing regulatory reporting and compliance – using software as a service – can help firms with limited resources and manpower acquire expertise, flexibility and reliability at a reasonable cost.
They say many hands make light work. Large financial institutions getting to grips with the increasingly formidable challenge set by regulators – demand for more detailed, complex and frequent data submissions – might take comfort in that old adage. But what are smaller firms with fewer available hands supposed to do, especially when the heads they’re connected with may lack sufficient expertise in the intricate and novel facets of compliance and data management that they’re likely to encounter?
Among the outsize difficulties that smaller banks face due to limited human and financial resources are key-person effects. Important bodies of knowledge, along with practices and processes that help a business use the knowledge effectively, may reside solely between the ears of a single employee. If that employee moves on, he or she may take those skills out the door. Even if key employees stay put, a firm can be afflicted with a lack of know-how critical mass – an insufficient number of experts to handle the extensive, complicated work involved.
Smaller institutions are on the wrong end of the spectrum to benefit from economies of scale, too, although being small also confers some advantages under the new supervisory regime because the authorities have decided to give them a break: A cornerstone of Basel III finalization, and the EU Capital Requirements Directive (CRD V) that is derived from it, is the principle of proportionality; because larger banks pose a greater threat to the health of the financial system when things go awry, they face more rigorous reporting requirements and must have comparatively larger capital cushions than their smaller peers.
And large institutions aren’t immune from issues related to a concentration of key pieces of knowledge in a small number of employees, either. Indeed, banks of all sizes, in nearly all material ways, will feel the burden of managing increasingly onerous regulatory reporting requirements and the associated technological infrastructure, even if that burden is likely to fall more heavily upon smaller firms. Compliance no doubt will require less in absolute terms from a smaller, simpler firm, but the cost could be far greater as a proportion of revenues, assets, employees etc.
This is where the cloud can help with compliance and regulatory reporting functions, and why more smaller banks are coming to rely on it. By outsourcing key activities to a larger, more proficient specialist, they can eliminate the shortcomings that their size otherwise confers and secure the efficiencies as well as competitive and institutional advantages that larger rivals enjoy.
Associating with a specialist provider of finance, risk and reporting (FRR) software – one that has partnered with an industry leader in cloud hosting that has massive capacity, such as Microsoft Azure, Amazon Web Services, Alibaba Cloud or related enterprises at Google, Oracle and elsewhere – assures savings that arise from having greater scale. Maintaining data in the cloud also reduces up-front expenditures, smooths out running costs and makes them more predictable, because banks are buying a service, not undertaking a capital project.
A cloud regulatory reporting solution, encompassing hardware, software and services, helps keep performance issues to a minimum. Firms can rely on the skills of the solution provider and rest assured that it will have the best available equipment and the latest software upgrades and functionality improvements, rather than having to allocate their own employees to these time-consuming endeavors.
A bank’s staff, now free to use its regulatory reporting software without having to monitor and tinker with it constantly to make sure it’s working properly, can engage in higher-value tasks focused on commercial activities and strategy. That’s a particularly important consideration for smaller operators whose employees can be spread thin and so need whatever efficiencies they can find.
Outsourcing to the cloud enhances agility, flexibility and scalability – essential given today’s more burdensome reporting demands – because a firm can add or subtract capacity as needed. Or as wanted: Knowing that the ability to scale up exists, solving a potential problem before it crops up can tip the scales in favor of a strategic move to expand in a new or existing business line.
Some bankers may be reticent to embrace these benefits out of fear that loosening their grip on their own and their clients’ information could lead it to be lost or stolen. They will see the surrender of control to outside tech experts as the good news of cloud data management, but also the bad news. “Will putting our data in the cloud put our data at risk?” is a perfectly understandable question for senior executives to ask. But they should ask another one, too: “Compared to what?”
In a world where anything is possible, there’s always a chance that harm will befall a system or its data, wherever they’re situated. There could be natural or manmade physical damage; or theft or other loss resulting from hacking or just from dumb but benign human error. But such an event is less likely to occur on cloud servers. They tend to be kept in locations that are more secure physically, and service providers spend enormous sums to safeguard their technology from malicious or careless acts of all sorts, preferably before they occur. Microsoft Azure alone spends over $1 billion a year on cybersecurity. How much can a financial services giant, let alone a smaller institution, devote to such an endeavor?
Not content to leave all security matters to technology providers, banks take steps to protect their data in cloud, too, such as granting system access to as few external personnel as are needed to deal with any problems that crop up, and to do so in a way that prevents them from viewing data directly. They are also careful to verify that their data is encrypted as much as possible, especially when files are in transit between the server and the bank, and ring-fenced from that of other users.
Even if they can be persuaded of the virtues of outsourcing to the cloud, they may be concerned that the supervisory authorities they answer to will not be. Such fears are increasingly misplaced. Regulators share many of the same concerns as banks: ensuring that data is secure and encrypted and solely under banks’ control. And just like banks, regulators are growing more comfortable as security technology improves and as the tech providers and financial institutions responsible for managing data develop the expertise to ensure that safeguards are at least as rigorous in the cloud as on a bank’s premises. Also, assuaging concerns of banks and regulators, no doubt, are privacy and data protection laws introduced in various jurisdictions, such as the General Data Protection Regulation (GDPR) in the European Union.
Even if authorities have come to tolerate – and even embrace – storing, analyzing and reporting data in the cloud, it’s in their nature seldom to stay satisfied for long. That’s another advantage afforded by the flexibility of outsourcing: the ability of vendors to swiftly and efficiently update processes as the rules, regulations and submission requirements set by authorities evolve. As with other aspects of compliance, the rapid pace of change on the supervisory landscape can be especially difficult to navigate for smaller institutions. So, if you run one, you should take comfort in knowing that many hands make light work, and they don’t all have to be yours.