SINGAPORE – Media OutReach – 9 July 2021 – Asia Cloud Computing Association (ACCA) released its 2021 report on the financial services sector, Better on the Cloud – Financial Services in Asia Pacific. This is the third iteration of this report, examining the nuances of cloud and technology adoption by the Asia Pacific financial services sector.
The report examines eleven Asia Pacific markets, looking at the digital transformation accrued by jurisdictions which have facilitated greater cloud adoption within their financial sectors. The report reviews developments and policy adjustments made by regulators to work with financial institutions (FIs) and cloud service providers (CSPs) – adjustments which unlock the enabling power of cloud as a key support technology for FI business objectives, and risk management.
Digitally Transforming During The COVID-19 Pandemic
This pandemic season has significantly accelerated the need for FIs to transform digitally, with minimal disruption to their business. The financial sector’s resilience has been supported and enhanced by the availability of cloud computing technologies, which have supported transactions being enabled online and via mobile apps, allowed for secure means of remote identity verification and other Know Your Customer (KYC) requirements, and have paved a new way forward for managing relationships, balancing limited physical interactions with virtual connections.
“During this intense work-from-home period, cloud-based tools have allowed rapid adoption of new ways to communicate and collaborate all over the world,” says Quint Simon, Head of Public Policy, Asia-Pacific & Japan at Amazon Web Services (AWS), and Vice-Chair of the ACCA. “This has improved business efficiency and mitigated the risk of stress on FIs’ technology systems with capabilities that would have been far more challenging and costly without adoption of cloud computing.”
Enabling a Robust and Resilient Regulatory Environment
The report findings reveal that strong financial regulatory markets are characterized by a policy environment that has continuously updated, adapted, and revised regulations and guidelines to enable FI adoption of cloud computing technologies.
“We are pleased to note that many regulators are taking the step to go beyond accepting cloud adoption in the financial services sector, to actively affirming and encouraging FIs to consider the benefits of cloud,” observes Barbara Navarro, Director of Google Cloud Government Affairs and Public Policy, and Treasurer of the ACCA.
Ten Regulatory Recommendations
While there are positive developments within APAC which demonstrate the importance and benefit of continued dialogue between regulators, FIs and CSPs, the report notes that not all regulatory conditions are equally robust. It makes ten recommendations which will further accelerate digital transformation in financial services while mitigating associated risks.
- Recommendation #1 – Governments have publicly affirmed the adoption of public cloud for financial institutions (FIs).
- Recommendation #2 – Regulations should set out clear and not unduly burdensome processes for FIs to follow when adopting cloud services.
- Recommendation #3 – Regulations should not require regulatory prior approval for implementation of cloud services for each workload.
- Recommendation #4 – Regulations should be risk-based and clearly differentiate applicability to material and non-material workloads and for non-material workloads requirements should be minimal.
- Recommendation #5 – Regulations should have a clear distinction between control vs processing of data.
- Recommendation #6 – Geographic Restrictions: (a) Regulations should permit the cross-border transfer of data, and (b) Regulations should not require data to be stored in a specific geography.
- Recommendation #7 – Regulations should not prescribe terms of cloud contracts.
- Recommendation #8 – Regulations should not create a right to government for unrestricted physical audit access rights to CSP facilities.
- Recommendation #9 – Regulations and regulators are neutral as to foreign or domestic CSPs.
- Recommendation #10 – Regulations promote a risk-based approach to effective operational resiliency, which may include non-mandatory guidance encouraging the FI to consider business continuity and disaster recovery planning, geographic diversity, reversibility, exit planning, and vendor choice, among other factors.
Strengths and Opportunities for Regulatory Improvement
“From the report’s analysis, the leading markets have fully achieved most, if not all of our recommendations,” said Eric Hui, Chair of the ACCA, noting the improvements in APAC’s pro-cloud policies. “Financial regulators in Australia, Philippines, Singapore and Japan have made strong positive statements, or through their guidance, clearly support the adoption of cloud computing by FIs.”
However, there are opportunities for regulatory enhancement, to increase clarity and reduce cloud deployment times. “Beyond the leading regulators, there is a group of markets where the shift to cloud is more challenging because some regulatory requirements may tend to impede cloud adoption and technological innovation in the FIs,” adds Lim May-Ann, Executive Director of the ACCA. “There are variations on why this is the case for each of these markets, and this report provides a deep dive market analysis to examine market nuances further.”
One such nuance is the requirements for a regulatory approval or notice of no-objection from the financial regulator when deploying cloud technology. “In some markets the regulator requires approval or a notice of non-objection for each occasion an FI intends to place a workload on a cloud service, and this process can be highly repetitive, lengthy and opaque, which can impede cloud deployment,” observes Bojan Obradovic, Head of Cloud Services, HSBC, a member of the ACCA. “Regulators should consider the FI’s risk-based analysis – and how the standards, best practices and certifications of a CSP align with objectives.”
The report is available for free download at https://www.