As their booming share prices testify, technology companies have been brimming over with new business during the coronavirus pandemic.
For banks, there has been a special tech awakening: to the merits of cloud computing. After years of foot-dragging, many have been abandoning their cautious approach to cloud-based services and signing up with gusto to outsource their storage of data and other activities that demand high-intensity computing power.
In the past few days alone, Amazon Web Services struck a big new deal with HSBC while Google announced partnerships with Goldman Sachs and Deutsche Bank.
Why now? Some of the reasons are obvious. As banks come under pressure from the financial costs of lockdown — a decline in economic activity, an explosion of loan losses — they are seizing any opportunity to cut costs. Cloud services tend to be priced in ways that mean you pay for what you use, rather than committing to billions of dollars of investment upfront.
But the enthusiasm for cloud computing is not just about scrimping. Banks have been among the most enthusiastic adopters of cloud-based software and video conferencing services to facilitate working from home. Just as the pandemic hit, Microsoft completed the rollout of its Teams video service to 100,000 staff across Santander’s global banking operations, building on a cloud contract struck with the Spanish bank last year.
The pandemic is also accelerating the trend towards digital banking. Dutch group ING said this month it would close a quarter of its branches. Cloud providers are increasingly casting themselves as “digitisation partners” for the banks.
Pre-pandemic, the banking sector was more reluctant than most to move to the cloud. A Bank of England report on digital finance last year — authored by Huw van Steenis, an adviser to former governor Mark Carney — estimated that only a quarter of the activities of the largest global banks were cloud-based.
That tally is far lower than in other sectors, though McKinsey has forecast that between 40 and 90 per cent of banks’ workloads globally could move to the cloud in a decade. Bankers believe coronavirus will accelerate that shift dramatically. An executive at one big cloud provider says: “So far it’s been high-compute intensity areas, such as risk management modelling, that have moved on to the cloud. Personally sensitive data and trading data have not moved. But we’re starting to see that change.”
Banks’ historic reluctance stems in part from their nervousness about security and privacy. But it also reflects longstanding regulatory concerns about the robustness of cloud-based services and concentration risk in the sector.
Thirty of the world’s biggest banks, deemed systemically important, are subject to regulatory capital surcharges in the name of safety. If 90 per cent of bank data moves to the cloud, how much more risky is it that three or four largely unregulated companies dominate that space?
Over the past couple of years, though, the mood has gradually brightened. Tech giants have engaged with regulators. Their pitch to win bank business has been helped by a broader trend in cloud computing towards so-called “container technology”. This allows companies to use multiple cloud providers as back-up, switching between them in case of problems. Banks and their supervisors have also been persuaded that cloud systems, backed by vast well-financed tech companies with the most sophisticated cyber security, should be especially secure.
A step change in attitudes was evidenced by that 2019 Bank of England report. It concluded that the BoE “should embrace cloud technologies, which have matured to the point they can meet the high expectations of regulators and financial services”.
If it all sounds too good to be true, it may be. Capital One, the US bank and credit card operator, still declares in a case study advertised by Amazon Web Services: “The most important benefit of working with AWS is that we don't have to worry about building and operating the infrastructure.” But that insouciance backfired last year when it suffered a vast cloud breach exposing the personal details of more than 100m credit card customers and applicants and access to 80,000 bank accounts. An ex-AWS employee was blamed, accused of using the bank’s own web application and a firewall misconfiguration to access its data in the cloud. Legal wrangling ensued.
A different kind of privacy threat emerged in Hong Kong last week, with the big cloud companies fighting off regulatory attempts to gain access to the underlying customer data of bank clients. It remains to be seen whether hostile regulators have more or less leverage over big tech than over big banks. But given that the dominant global cloud companies are all American, mounting geopolitical tensions between the US and China, and other parts of the world, will not be helpful.
This article has been revised since original publication to clarify the alleged cause of Capital One’s data breach.
Get alerts on Banks when a new story is published