More than 4 years ago I was asked if Public Cloud Core Banking is a Hype or a Short Term Reality?
If you had read the post, you would probably find the answer that it was probably Hype and not Short Term Reality.
This post Revisits the same issue.
Size Matters
The issue is a major issue for Large Banks. Those banks use IBM Mainframe for executing their Core Banking systems.
Smaller Banks used two decades ago UNIX based Core Banking Packages.
The Systems Availability, Scalability and Security was not as high as the Mainframe based Core Banking Systems, but it was probably good enough.
My very limited Study
I looked for real Case Studies of deployments of Core Banking system in the Public Cloud. I looked for articles and Research Notes by Googling.
I did not find much. No real Case Studies of Large Banks transforming their Core Banking to Cloud Based systems.
I refer to the following articles:
Mckinsey: Core Banking Systems Strategy for Banks
On the one hand, the Mainframe Legacy Core Banking Systems Reliability and Availability is high and their Performance is good. Performance is critical for Large number of concurrent transactions.
On the other hand, the Financial services market is changing.
Banks need to adapt to the New world of Digital Systems, APIs to Fintech companies and non-Financial partners. The Legacy Architecture is not suitable for this New World.
The Long Term Future of Core Banking Architecture should be a Cloud Based Micro Service Architecture.
Delloitte: Cloud based Core Banking: Is it Possible?
The question in the paragraph's title is a kind of evidence that Core Banking in the Public Cloud is not a viable option for the Short Term. The article is about Long Term Cloud migration benefits.
The article does not refer to Real Large Scale Core Banking Case Studies.
Why immediate Cloud Migration is not a viable option?
1. Banks are Risk Averse
If it is not broken do not fix it. The systems are doing what they were built for.
Migration Projects are Long and very expensive.
2. Functionality Risks
Building new Core Banking systems is a risk of lack of functionality compatibility.
The Legacy Systems were build ten or twenty years ago. They were changed due to Business and Regulatory requirements. Their Documentation probably had not fully updated.
The new systems or Core Banking Packages were written in new Programming languages by people who are not aware of old programming languages Architecture, Capabilities and Syntax.
3. Losing systems maintenance skills
The older people maintaining the systems, usually written in COBOL programming language, may retire. Most of them are not capable of learning modern Programming Languages and Methodologies. Their knowledge of the Systems and the Business logic may not be available.
4. Performance Risks
Would the new systems be capable of handling a large concurrent transactions workload?
Would the new systems be capable of handling the workload providing reasonable and stable Response Time?
5. Security Risks
Few weeks ago I completed a Lead Cloud Security Manager course.
The course is a new course by PECB.
I learned that Cloud Security Management is not as simple as Security Management within an Enterprise boundaries.
The following highlights clarify the complexities:
1. The threats management is divided between at least two organizations: the Cloud Services Provider and The Cloud Service Customer.
2. Are the Customer's systems protected from other Customers access or dependencies?
It should be remembered that Cloud Services Customers share Infrastructure and in Multitenancy SaaS Services they also share Software and Database.
3. The contract should define the Security duties and responsibilities, however the Customer should be aware of the Cloud Provider's Security Policy, Procedures, Controls and Methods.
4. On going Communication, updates and Reporting between Cloud Provider and Cloud Customer should be executed properly.
5. Incident Analysis is more complex because some of the aspects and data are not accessible by the customer.
Psychologically, if an enterprise controls Security its managers tend to think that Security is better than Security controlled by a Cloud Provider.
6. Availability Risks
The Availability of IBM Mainframe Systems is very high.
Would the new Cloud Systems Availability remain as high as it was?
Technically the answer may be positive but there is a Risk that it would not be as high as it is in Mainframe environments due to the following reasons:
A. The Infrastructure is more complex in Cloud Computing.
B. Outage of Public Clouds.
C. Unavailability due to Application Software
The Availability of Hardware, Infrastructure Software and Communication Hardware and Software is higher than it was few decades ago, therefore Application Software probelms are significant unavailability source.
For example, a computing formula error could require stopping a Core Banking system until the database is restored and the transactions are executed again using a correct formula instead the wrong formula.
7. Regulatory Risks
International, as well as Regional and Country level, Regulation includes Security related Risks.
Adressing the
Regulatory requirements should be verified prior to moving Core Banking to a Public Cloud.
However, it is not only
Security that should be addressed properly it is also Privacy.
Presonally Identifiable Information (PII) should be protected. ISO/IEC 27018 is a general stnadard that should be addressed in addition to Banking specific PII requirements.
Reasons for Long Term Core Banking in the Public Cloud
1. Digital Infrastucture
Digital systems interfaces are API based. Flexebility and Agility are a must. The Mainframe based Systems are less adequate for those kind of interfaces
2. Enhanced Competition
Banks should adapt to a new Financial Services Market.
Main New Competitors are:
A. Digital Wallets
B. Fintech Services
Fintech services are cheapper than Banking Services. Fintech vendors use a Web sites or a Mobile Applications. They do not have overhead of Branches infrastucture, Emplyees working in Branches, as well as many other employees.
C. P2P Services
P2P services are also cheapper than Banking Services.
3. Enhanced Digital Cooperation
In order to Survive Banks should change their strategy: Their systems should be a Services Hub.
The Services should include Services of non-Financial Partners. The Partners systems should also include a quick access to the Bank's Services.
Probably, comparison and access to other Banks' Services will be included in the Hub as well.
4. Will IBM Mainframe Survive in the Long term?
In the Long Term the Mainframe will not be adapted to Modern Architectures and technologies.
5. Software Maintenace
The mainframe based Core Banking systems were developed decades ago. Maintenace is becoming more and more difficult.
Maintenace of these Silo Systems is more difficult anyway.
Many of the people, who developed and maintained the systems, already retired. Others will retire soon. Y-Generation and Z-generation developers prefer working in modern environments and does not havee the skills required for maintenace of these systems, such as the COBOL Programming language, The CICS OLTP Monitor and even the DB2 database.
The results are high maintenace costs and Backlog.
Conclusions
Currently, Public Cloud based Core Banking for large banks is far from being Reailty.
However, it will be a Long Term Reality.
An Agile Architecture would enable gradual Migration from IBM Mainframe to a Cloud. It could be a Private Cloud, an Hybrid Cloud or a Public Cloud.
Migration from any Cloud Services to a Public Cloud is a lot easier. The Migration period is shorter.