Banks have not adopted SaaS applications as quickly as other industries due to data compliance challenges and security concerns.
In a survey conducted by Deloitte, bank executives noted that a host of issues, most prominently about regulations, data security, cloud transformation challenges, and the risks associated with the outsourcing of critical processes, have so far discouraged them from using cloud services:
This is because data compliance in an on-premises environment doesn’t work in the same way as in a cloud environment. While on-premises solutions have a defined perimeter to shield, the cloud has no such boundary, making threats appear unbounded.
For global financial institutions to embrace the cloud, they must take appropriate measures to address compliance and security concerns. This means being fully aware of the regulatory landscape in every market they’re looking to serve and every country they’re looking to enter, implementing the right compliance tools and mechanisms for their SaaS applications based on those rules.
Solving for data residency in the cloud era
By its very nature, the increasingly complex landscape of financial services regulation might make adopting SaaS look near impossible, especially for companies entering developing countries with high growth prospects but strict data regulatory laws. However, when managed properly, data can be distributed efficiently and within compliance, even for SaaS applications.
To do this, specific protocols and rules need to be put in place to ensure good governance over data. For example, by implementing a clear separation between unregulated and regulated data, banks can ensure data is not inadvertently processed, stored, or accessed by any forbidden user or jurisdiction. Similarly, data handling rules should ensure that data initially available in a more restrictive jurisdiction can never be shared with a less restrictive one. This ensures the standards of data protection remain at their highest. Equally important, the solution should be capable of controlling the duplication of data to more restrictive jurisdictions, e.g., where initial data is available in a less stringent jurisdiction, controlled updates of duplicated data or notifications of data changes should be sent to more restrictive jurisdictions when they occur.
Stay in compliance in more countries with InCountry
Over the last few years, the cloud has shifted from being perhaps the most frowned upon technology in the banking industry due to security and regulatory concerns to an area of growth, opportunity, and improved client experience. The financial services industry must join other financial sectors, such as fintech, to continue innovation in such a highly competitive industry.
The InCountry team has put together a great resource to help financial services institutions navigate the global data residency landscape. InCountry partners with best-of-breed SaaS applications like Salesforce, ServiceNow, and Temenos, to accelerate our customers’ digital transformation plans and help them expand faster and within compliance.