SINGAPORE – Media
OutReach – 9 July 2021 – Asia Cloud Computing Association (ACCA) released its 2021 report on the financial services
sector, Better on the Cloud – Financial Services in Asia Pacific.
This is the third iteration of this report, examining the nuances of cloud and
technology adoption by the Asia Pacific financial services sector.
The report examines
eleven Asia Pacific markets, looking at the digital transformation accrued by
jurisdictions which have facilitated greater cloud adoption within their
financial sectors. The report reviews developments and policy adjustments made
by regulators to work with financial institutions (FIs) and cloud service
providers (CSPs) – adjustments which unlock the enabling power of cloud as a
key support technology for FI business objectives, and risk management.
Digitally
Transforming During The COVID-19 Pandemic
This
pandemic season has significantly accelerated the need for FIs to transform
digitally, with minimal disruption to their business. The financial sector’s resilience
has been supported and enhanced by the availability of cloud computing
technologies, which have supported transactions being enabled online and via
mobile apps, allowed for secure means of remote identity verification and other
Know Your Customer (KYC) requirements, and have paved a new way forward for
managing relationships, balancing limited physical interactions with virtual
connections.
“During this
intense work-from-home period, cloud-based tools have allowed rapid adoption of
new ways to communicate and collaborate all over the world,” says Quint Simon,
Head of Public Policy, Asia-Pacific & Japan at Amazon Web Services (AWS),
and Vice-Chair of the ACCA. “This has improved business efficiency and
mitigated the risk of stress on FIs’ technology systems with capabilities that
would have been far more challenging and costly without adoption of cloud
computing.”
Enabling
a Robust and Resilient Regulatory Environment
The report
findings reveal that strong financial regulatory markets are characterized by a
policy environment that has continuously updated, adapted, and revised
regulations and guidelines to enable FI adoption of cloud computing
technologies.
“We are
pleased to note that many regulators are taking the step to go beyond accepting
cloud adoption in the financial services sector, to actively affirming and
encouraging FIs to consider the benefits of cloud,” observes Barbara Navarro,
Director of Google Cloud Government Affairs and Public Policy, and Treasurer of
the ACCA.
Ten
Regulatory Recommendations
While there
are positive developments within APAC which demonstrate the importance and
benefit of continued dialogue between regulators, FIs and CSPs, the report
notes that not all regulatory conditions are equally robust. It makes ten
recommendations which will further accelerate digital transformation in
financial services while mitigating associated risks.
- Recommendation #1
– Governments have publicly affirmed the adoption of public cloud for financial
institutions (FIs). - Recommendation #2
– Regulations should set out clear and not unduly burdensome processes for FIs
to follow when adopting cloud services. - Recommendation #3
– Regulations should not require regulatory prior approval for implementation
of cloud services for each workload. - Recommendation #4
– Regulations should be risk-based and clearly differentiate applicability to
material and non-material workloads and for non-material workloads requirements
should be minimal. - Recommendation #5
– Regulations should have a clear distinction between control vs processing of
data. - Recommendation #6
– Geographic Restrictions: (a) Regulations should permit the cross-border
transfer of data, and (b) Regulations should not require data to be stored in a
specific geography. - Recommendation #7
– Regulations should not prescribe terms of cloud contracts. - Recommendation #8
– Regulations should not create a right to government for unrestricted physical
audit access rights to CSP facilities. - Recommendation #9
– Regulations and regulators are neutral as to foreign or domestic CSPs. - Recommendation
#10 – Regulations promote a risk-based approach to effective operational
resiliency, which may include non-mandatory guidance encouraging the FI to
consider business continuity and disaster recovery planning, geographic
diversity, reversibility, exit planning, and vendor choice, among other
factors.
Strengths and Opportunities for Regulatory Improvement
“From the
report’s analysis, the leading markets have fully achieved most, if not all of
our recommendations,” said Eric Hui, Chair of the ACCA, noting the improvements
in APAC’s pro-cloud policies. “Financial regulators in Australia, Philippines,
Singapore and Japan have made strong positive statements, or through their
guidance, clearly support the adoption of cloud computing by FIs.”
However,
there are opportunities for regulatory enhancement, to increase clarity and
reduce cloud deployment times. “Beyond the leading regulators, there is a group
of markets where the shift to cloud is more challenging because some regulatory
requirements may tend to impede cloud adoption and technological innovation in
the FIs,” adds Lim May-Ann, Executive Director of the ACCA. “There are
variations on why this is the case for each of these markets, and this report
provides a deep dive market analysis to examine market nuances further.”
One such
nuance is the requirements for a regulatory approval or notice of no-objection
from the financial regulator when deploying cloud technology. “In some markets
the regulator requires approval or a notice of non-objection for each occasion
an FI intends to place a workload on a cloud service, and this process can be
highly repetitive, lengthy and opaque, which can impede cloud deployment,”
observes Bojan Obradovic, Head of Cloud Services, HSBC, a member of the ACCA. “Regulators
should consider the FI’s risk-based analysis – and how the standards, best
practices and certifications of a CSP align with objectives.”
The report is available for free download at https://www.asiacloudcomputing.org. Markets covered include Australia, Hong Kong, India,
Indonesia, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan,
Thailand – along with two global benchmark jurisdictions markets, the United
Kingdom and the United States of America (federal, and New York state.)
Source link