Drive a Connected GRC Program for Improved Agility, Performance, and Resilience
Power Business Performance and Resilience
Discover ConnectedGRC Solutions for Enterprise and Operational Resilience
Explore What Makes MetricStream the Right Choice for Our Customers
Find Everything You Need to Build Your GRC Journey and Thrive on Risk
Learn about our mission, vision, and core values
Externalizing our data? You must be joking.
When I was a young project manager in a small but famous finance house, about 25 years ago, I once dared to pretend that risk management operations and applications would be standardized in the future – and therefore, possibly, also externalized. Everyone in the room appreciated my joke or what they considered to be a joke.
A couple of years later, being responsible for the regulatory reporting IT as well as some key risk management systems of a large European bank, one of my tasks was to facilitate the first ever move of the bank’s infrastructure to outsourcing partners, including large infrastructure management companies. And this, remarkably, was at the beginning of the 2000s.
I remember when I met a very famous founder of one of the largest risk management companies at that time at a conference in Vienna. I got strong support from him while I was being bashed by conference participants for saying that in the future, risk calculations and data storage would certainly be externalized.
Now, almost 20 years later, the world has obviously discovered the multiple and indisputable benefits of cloud, regulatory reporting hubs and shared risk pools. However, there are still a large number of organizations remaining heavily reluctant to this type of change – or at least until last year.
By the way, it was not only a reluctancy to cloud, but also Work from Home and many other emerging operating models.
And then came COVID.
Are you focussing on your core capabilities, or rather, trying to play with fire?
It is interesting to note that in almost any industry but banking, insurance and financial services, the acceptance for cloud has been remarkable over the last couples of years. More than 95 percent of the projects I was involved in over the last three years were cloud based and not on premises.
But for some reasons unbeknown to me, the financial industry was still cloud shy. Why? I suspect because most of the data that banking, financial services and insurance companies (BFSIs) process is customer data. So, if you shift and process millions of records about plant and production information, nobody will probably care. But if you externalize one single record with personal data or account data of one of your customers, this will be a very different topic.
Now, having been a banker for 15 years, I just wonder, “What should be my core capability – as a banker – and why should I be a better infrastructure manager compared to dedicated infrastructure managers?”
I have seen so many issues over the last couple of years with BFSI homegrown infrastructure, that I would be extremely reluctant today NOT to go for the cloud. Why?
Cloud: tackling the risks
So, what are the cloud benefits on the other side? Obviously, there are plenty of marketing brochures on the topic, but I’d like to focus on the real benefits reported by my customers.
Since the beginning of the COVID crisis, many organizations have questioned their own infrastructure capability WRT practicability, costs and efficiency.
And finally, the result is in. Yes, as I am writing these lines, even the most conservative organizations in Europe are now moving to the cloud. We see this with large Europe-based international organizations, and with leading financial institutions, including banks. Even in Switzerland, which has been a rather cloud adverse environment, the market is now massively adopting the new Swiss cloud with servers in Zurich and Geneva.
Bottomline: To be in the cloud – or not to be – that is the question.
To paraphrase, at the end of the day, you will not only be judged for the things you did but also for all those you did not dare to do.
The paradigm shift is fairly simple: From now on, reputational and operational risks are coming less from being on a fully safe and secure cloud – as many of your competitors – but more from the fact if you stick to old fashioned and risky operating models.
Dear friends, wherever you are, please stay safe and healthy!
Chris Lesieur brings over 30 years’ experience in the design, implementation, management and monitoring of Governance, Risk and Compliance systems and solutions - gathered across multiple domains and industries - Banking, Insurance, Retail, Chemical, Pharmaceutical, Manufacturing, CPG, Aerospace, Automotive, Utilities & Military.