Today’s financial services businesses need to be more resilient than ever. In volatile and uncertain times, business continuity management has become essential in every function. Operational risks – things that can prevent you from delivering to customers, shareholders and regulators are multiplying. Plus, the impact of getting it wrong is growing. Being operationally resilient is not just good business sense – it’s critical to survival. There are costs involved, but spending on preparation now is far better than paying the price of being unprepared.
What is Operational Resilience?
Today, financial services businesses sit at the heart of globally connected, increasingly digital networks of dependencies. Risks can propagate across cyber-supply chains at light speed with unforeseen events impacting operations in unpredictable ways. Existing Business Continuity (BCM) and Disaster Recovery (DR) plans are in place to aid recovery, but they are less suited to the rapid reaction needed to mitigate today’s increasingly dynamic risks and maintain operations.
In our volatile world, crisis can come at any time from any direction. Operational Resilience means creating the flexibility to react quickly and prevent isolated crises from escalating to situations potentially fatal for the business. Rather than trying to predict and prepare for every eventuality, financial services businesses must create Operational Resilience to absorb shocks and react quickly to maintain operations whatever the circumstances.
Why is Operational Resilience important in financial services?
Operational Resilience is especially important in today’s connected digital world. Not only have all sectors seen a massive rise in cyber-attacks, but contagion risk - where, for example, a cyber-attack on one company creates waves of repercussions across the network of partners, suppliers and customers to which is linked – means threats are not only more frequent, but more far reaching.
The frequency, scale and scope of threats to business continuity are expanding. Operational Resilience is a more proactive, agile and robust approach to identifying, preparing for and responding to these emerging risks. Gartner defines it as “initiatives that expand business continuity management programs to focus on the impacts, connected risk appetite and tolerance levels for disruption of product or service delivery.” Our own definition adds the critical “ability for a company to move their data on-premises while their primary cloud service provider suffered a major outage.”
How can I maintain Operational Resilience in the cloud?
Organizations, including leaders in financial services, are embracing cloud infrastructures to manage costs and increase agility within their businesses. The nature and the flexibility of the cloud provide some natural Operational Resilience benefits. Shifting workloads from specific, physical data centres to the virtualised environment of the cloud reduces risks associated with single locations. Clouds operated by major providers enjoy high levels of redundancy, business continuity and up-time.
But even the biggest cloud operators suffer outages, as AWS, Facebook, Fastly, and Akamai have all recently demonstrated. Overall, in 2020, Uptime Institute recorded 21 seperate cloud or internet giant outages. So simply being in the cloud does not create Operational Resilience. A cloud-first strategy should not become a cloud only strategy, or a single-cloud strategy. Doing so simply moves the single point of failure further outside your control.
But is it possible to maintain Operational Resilience in the cloud, and it can be done using existing architectures? Combining multi-cloud set-ups with on-premise data platforms gives organisations the flexibility to quickly move data and workloads between clouds and from cloud to on-premise infrastructure. Teradata does this as standard. Data portability is at the heart of our products and approach. It is critical to support the analytics at scale required by today’s financial institutions but also delivers enhanced Operational Resilience as an added benefit.
Major customers in financial services are already adapting existing Teradata implementations to quickly improve Operational Resilience by seamlessly shifting and managing workloads across hybrid, multi-cloud environments featuring clouds from different vendors and on-premise data centres.
What are the regulations for Operational Resilience in financial services?
Banks and other financial service providers are now rapidly moving workloads to the cloud for the cost, efficiency and flexibility advantages it brings. Whilst security and data privacy concerns remain, most banks now have significant workloads in the cloud. However, new concerns are rising about the Operational Resilience of this set up. There are providers with sufficient scope and scale to meet the demands of financial institutions. The vast amounts of data, the complex analytics and the need for the highest levels of security mean that most institutions are selecting cloud solutions from the top three or four providers.
Regulators are beginning to take notice and lose sleep over the Operational Resilience risks this situation presents with two specific areas of concern. The first is the reliance of an institution on a single cloud service provider. If multiple workloads are hosted in the same cloud what happens if that cloud goes down?
Secondly, regulators are concerned about the systemic risk of many firms using the same providers. They worry about the impact on the financial system and economy as a whole should one of those clouds go down.
Regulators are beginning to ask firms to detail their plans to cope with, and mitigate, the impact of one of these scenarios – often referred to as a ‘stressed exit’. Institutions need to prove they have the Operational Resilience to maintain services so that disruption is minimized, and customers can continue to access core services.
What is a stressed exit?
The sudden, unplanned and involuntary exit from a service provider is known as a ‘stressed exit’. For cloud, it could occur through technical failure, hacking, or human error. It could also be caused by contractual disputes, bankruptcy or regulatory issues such as failures in data protection. Anything that causes a sudden, involuntary loss of access to a cloud service.
The increasing dependency of the financial services sector on a handful of massive cloud service providers has changed regulators calculations of who is ‘too big to fail.’ Institutions should expect regulation in this area soon – now is the time to build Operational Resilience into your cloud strategy so that regulators will be satisfied you can survive a stressed exit from a chosen cloud service provider.
Flexibility – the key to Operational Resilience
Teradata is working with financial institutions around the world to build Operational Resilience into their cloud strategies. Ultimately, it is flexibility that creates resilience, and Teradata customers are actively pursuing hybrid, multi-cloud approaches. With Teradata providing a connective enterprise data platform that links multiple clouds and on-prem systems, customers have the foundations for Operational Resilience.
Teradata’s hybrid multi-cloud approach is designed to deliver a flexible platform for data reuse and analytics at speed, and scale, across the organization. But as an added value it enhances Operational Resilience with the flexibility to move data and workloads seamlessly between clouds, and to an on-prem infrastructure as needed.
It makes good business sense to leverage this ability now to demonstrate Operational Resilience to regulators, customers, partners and other stakeholders to show how you can survive a stressed exit for whatever reason.
See how Teradata can help you build Operational Resilience into your cloud strategy.