In a year that demonstrated the importance of operational resilience, major UK banks have migrated less than 10% of business infrastructure onto the public cloud.
The move to the cloud also requires a mindset shift for many. In the banking sector, AI and Blockchain have long been regarded as the technologies set to change the future, yet it is the cloud – and its processing on-demand capabilities – that has enabled these advances and systems to operate.
While banks undoubtedly face some major hurdles to achieving full cloud migration, there are significant benefits to be gained beyond absolute cost savings, namely the scale and flexibility that on-demand data storage brings.
Operational agility has been particularly critical in the current climate. Back in March, we saw businesses and major institutions across the UK forced to transition their entire operations to remote working almost overnight, as the nation was forced into lockdowns and widespread remote working. Business continuity protocols went from testing a plan on a page to implementation at breakneck speeds, forcing many firms to consolidate their processes around key business functions. We saw regulators assessing potential forbearance in some areas, providing some relief to the pressures of lockdown on operational teams.
Among UK banks, those with a holistic cloud strategy in place across their front-, middle- and back-office operations – through end-to-end transformation rather than just IT upgrades – were better equipped to remain resilient through the increased demands of the crisis.
Yet ahead of the pandemic, the majority of UK banks (80%) had moved less than 10% of their business infrastructure to public cloud, according to EY’s UK Banking Cloud Adoption Index. Across the UK, banks have missed out – and continue to lose out – on valuable cost savings and the opportunity to accelerate their digital transformation and strengthen their business resilience.
EY’s study, based on interviews with five of the largest UK banks and six specialist/challenger banks¹, found that while the banking sector universally recognises the benefits of public cloud, just a small minority of business infrastructure has been migrated so far. Banks acknowledged that cloud migration would give rise to increased speed to market and agility (80%) and significant cost optimisation (69%) – and widely believed cloud to be the most transformative technology of the next few years, ahead of AI and data analytics.
This view will only have been reinforced by the operational challenges of the first lockdown and the rise of remote working. Over a quarter of banks (27%) expect to migrate at least half of their business to public cloud by 2022, although significant barriers to more widespread adoption persist. UK banks identified data security (87%), regulatory risk (67%) and third-party risk (60%) as the three top risks preventing more rapid cloud adoption.
We estimate that moving operations to public cloud could reduce banks’ IT costs by around 30% – a critical cost saving through the economic downturn. Banks recognise the potential cost savings to be derived from cloud adoption, with 89% believing the cost savings delivered will even increase over the coming five years. Current cloud migration, however, is centred on the front office (100% of banks), with attention focused on the ability to deploy new apps and solutions quickly to improve customer service and competitive capability. Of the proportion of banks’ business that has migrated to public cloud so far, only 34% of middle office and 64% back office operations have been moved across.
A number of risks – both real and perceived – must be addressed in order for greater adoption across the industry; three dominant risk factors continue to hamper UK banks from migrating more of their business onto the public cloud.
Perception around data security risk remains a major barrier to more widespread shifts. Given the sensitivities and reputational risk posed to banks around storing data, it is unsurprising that this was found to be the biggest concern by 87% of banks.
Being fully compliant and adhering to all the regulatory rules was another key concern for more than two thirds of banks (67%) thinking about moving their business onto the cloud, while 60% of banks viewed third-party risk as a major obstacle to greater levels of cloud migration.
Public cloud providers recognise that their business depends on keeping customers safe and have enhanced security measures in place, but banks must ensure they have their own checks in place and are comfortable that the third-party vendors they rely on have all the necessary certifications in order to meet their regulatory requirements.
While residual concerns around data privacy and regulatory compliance will undoubtedly hamper near-term progress, regulators have set out clear guidance for firms on this issue, and public cloud’s lower risk of systems failure can mean it is more secure than organisations’ own IT systems.
Going forwards, it is critical for banks and regulators to work together to establish the correct framework and the additional controls that need to be put in place to ensure data is safe, building confidence in the cloud across UK financial services.