Solving the Fintech Compliance Challenge in the Cloud

By David Mote | 19 February 2016

Today’s fintech industry is fast-paced and constantly evolving. To focus on their core business (offering financial applications to banks and financial institutions or directly to consumers), fintech companies increasingly partner with cloud Infrastructure-as-a-Service (IaaS) providers. Not only does this allow for more flexibility and speed, it also helps to avoid the cost of idle compute and storage resources in traditional hosting models.

Depending on their business model, fintech companies regularly handle sensitive data, either data they process for banks or other financial institutions, or data they process when directly serving their own customer base. Both cases require a high level of security and compliance with the respective regulations. Cloud infrastructure plays an important part in the compliant operation of these fintech companies. Cloud IaaS providers can help build compliant IT infrastructures in the cloud and keep these processes in line with ever more demanding regulatory requirements.

Fintech companies operating sensitive bank data

Take the example of a fintech company which processes sensitive data of a bank and delivers services to the bank’s customers. The bank will require adequate security and compliance standards from the fintech company. These requirements need to be in line with the security and compliance standards of the bank itself. Many elements of these policies are related to the cloud hosting infrastructure, and therefore the cloud provider can add value by supporting the fintech company in this matter.

As a minimum, the cloud provider has to fulfil certain security and compliance requirements for its own cloud infrastructure and operations; the provider must be able to provide proof of the relevant certifications and compliance audit confirmations. But this is not sufficient; the setup and operation of the fintech’s IT workload has to fulfil the bank’s security and compliance requirements as well.

Setting up a compliant environment – step by step

The cloud provider can help with the initial architectural design and offer enhanced security features such as virtual routers and firewalls, or multi-redundant environments to facilitate the setup of disaster recovery solutions. Supporting the fintech during possible audit activities by its bank clients also adds value. If required, the cloud provider can support the fintech in due diligence activities, which are a regular requirement, in particular when the fintech handles sensitive bank data in the cloud. Such activities can comprise detailed questionnaires, additional performance tests and on-site visits of the cloud provider’s data centres. A cloud provider’s expertise and experience in such processes can significantly speed them up. The same goes for the availability of adequate contracts and SLAs, which have to be corporate grade.

To support fintech clients optimally, it is important for a cloud provider to be supportive from the very beginning. Proactive communication can help the cloud provider to quickly understand the requirements and needs of the fintech company. Once the cloud provider has a full understanding of the fintech’s desired cloud architecture, it will be able to deliver a sound quote which realistically reflects initial cost implications. Cloud IaaS offers typically follow some form of pay-as-you-go model, so a common understanding of the initial resource requirements is crucial to get this figure right.

In the next step, the implementation phase, the cloud provider will support the fintech with architectural design options in the cloud. If all these steps are successfully completed, the IT environment can be set up in the cloud. Testing of separate modules can already be initiated while the infrastructure setup is being finalised, and continues until service readiness is fully achieved. This means that the testing phase has been successfully completed and the fintech company gives its approval to start using the cloud environment productively.

Compliance is key

The ability to provide high security and meet rigorous compliance standards is key for many fintech companies. In particular, for those who process sensitive bank data it is crucial to meet their security and compliance requirements. As many of these requirements are related to the hosting of the IT infrastructure, fintech companies are able to utilise the experience and expertise of specialised cloud providers to keep the focus on their core business.

By David Mote, COO of Safe Swiss Cloud.
