The cloud – Where governance and compliance now top the list of concerns


As cloud adoption continues to soar globally, technical considerations and concerns have evolved towards risk, compliance, and financial management. In November, the UK Finance COO Forum explored this evolution of cloud adoption and why skills, governance and clarity on standards matter.

In the financial services industry, companies are working hard to develop their digital backbones to compete in today’s world. Technology that allows them to build high-performing websites and apps, delivering exceptional service and customer experience as well as helping them to reach their increasingly younger customers, is fast becoming the essential plumbing of the modern-day enterprise.

Cloud computing is one platform that has dominated developments in the past decade. But alongside its capability, moving to the cloud comes with challenges and hurdles. Companies have spent a long time building up their computing on premise and invested significant amounts in IT infrastructure and skills. They are now trying to understand the implications of migrating to cloud platforms.

At the UK Finance COO Forum in November, participants discussed the value of cloud to their businesses. Their organisations are at different stages of adoption: many have started developing their strategies, while others have progressed a long way down the line. But all attendees were keen to talk about their experiences and ask questions about this fast-moving and complex topic.

Where tech meets governance

How do you put the right people in place to move to the cloud? Straightaway the conversation turned to the key challenge that has dominated previous COO Forums: people. According to James Fox, director at Protiviti UK, developing capability in the cloud is an opportunity to create a new team. Hiring skilled people with new ideas, he suggested, can be complemented by retaining others who are keen to be trained up.

One COO said that some of the top performers on his IT team had wanted to make the leap to the cloud, and some hadn’t. He suggested those who are good at coding, for example, didn’t always have the experience of working with large-scale infrastructure; and others, with a lot of legacy experience, had to be trained up in new cloud-related areas. Ultimately, a good cloud team was about finding people with the right mindset, he said.

But the cloud isn’t just about technology. Fox said helping risk and compliance teams and procurement departments understand cloud-based technologies and processes was equally important. Cloud services are different from on-premise ones, and compliance comes with its own nuances, he said. Without these skills in place, projects can slow down from the very start.

Governance is also a key focus for regulators. In fact, one COO at the event suggested it was the number one thing they were concerned about. He explained there were organisations that had to halt their migration projects to the cloud entirely because of concerns about governance. His story drove home the point that best practice in the cloud is about far more than technology.

Working with the regulators

According to an expert in cloud technology from UK Finance, cloud governance is now something that companies should consider as part of their cloud strategy. She confirmed earlier comments shared at the event about the regulators’ focus and suggested understanding regulation and compliance related to the use of cloud technologies should be a priority for financial services firms.

But she also said that UK Finance wanted regulators to recognise two key elements of the governance process: the importance of harmonisation, and the right emphasis on multi-cloud strategies.

First, many of her conversations with businesses were about the harmony of regulations. Some members were seeking to comply with regulations on outsourcing and operational resilience, for example, under both UK and EU law. She said finding common ground across regulators would smooth the process for cloud compliance, too.

Secondly, firms want regulators to focus on the principles of a good exit strategy from cloud providers. That means if one provider fails or suffers a cyber-attack, for example, there is an easy path to move to another. One COO said her firm had decided to keep important business services running using on-premise technology because moving from one cloud provider to another quickly – in other words, a stress exit – still presents challenges.

Establishing a cloud centre of excellence

One solution to improve governance and explore standards is to establish a cloud centre of excellence. This is a group of people inside a business actively seeking to develop their knowledge and best practices about the cloud. They typically come from technology and compliance backgrounds and include others with more than a passing interest.

COOs at the UK Finance COO Forum asked how centres of excellence could be developed. Fox suggested that bringing in compliance and governance experts was a good first move. Consultants could then provide expertise on cloud compliance, specifically, by training people and leaving behind as much knowledge as possible. The aim, he suggested, was to develop a self-sufficient group.

Getting the right message across

The benefits of using cloud technology are becoming better understood. Alongside its ability to support new projects, new products, and enhanced digital capacity, cloud can also support risk management: data loss from cyber-attacks can be reduced, controls can be automated, and as third-party providers, cloud platforms can be tracked and monitored. Cloud technology also offers greater recovery and resilience in the event of disruption – and offers the potential of long-term reduction in capital spend.

But these benefits need to be communicated clearly. One COO suggested that cloud technology doesn’t always lead to cost savings immediately and should be framed in the right way for investment committees. He suggested that positioning resilience, security, and agility as positive outcomes would help to bring senior executives on board. Another participant noted that increased cyber security, brought about through large-scale investment on these platforms, had been pivotal in convincing CFOs to back cloud projects.

As companies increasingly adopt cloud technology, they will continue to learn these lessons and develop their companies for the future. They will have a keen eye on skills, governance and standards – and communicating the benefits clearly. As one participant suggested, the cloud is neither magic nor free, but its adoption across multiple industries is changing the way financial services organisations do business.

UK Finance’s COO Network event, which was held in association with Protiviti, took place on 4 November 2021 online. For more information and to find out more about the work of UK Finance, contact head of member communities Zoe Bailey.

For more information on Protiviti’s work on cloud transformation, click here, or contact James Fox.

