For financial services firms, resilience has traditionally revolved around maintaining business continuity after a cyber-breach or service interruption caused by an IT outage. But this definition has shifted post-pandemic. 

“Of course, technical infrastructure failures are still likely, even more so given the increase in remote-working locations and the potential security issues this presents. But resilience in the wake of the pandemic now means so much more,” says Lorraine Mouat, senior regulatory consultant at the TCC Group, which provides support on regulatory and compliance issues to global banks and the wider financial services sector.

Lack of social contact, poor home-working environments, blurred work and home boundaries and financial worries are all taking a toll on employee wellbeing, she says. Firms may be facing capacity issues due to increased absences while also having to deal with increased demands from clients. Reduced revenue generation, despite persistent fixed overhead costs, could be causing financial constraints too.

And oversight and monitoring, key regulatory requirements for financial services firms, are more challenging due to dispersed work locations.

All this comes at a time when the risks that influence resilience strategies were already growing more complex and urgent. Regulatory focus on the way financial firms should approach resilience was therefore beginning to shift long before the pandemic struck.

“Even before the COVID crisis, the Financial Conduct Authority was already focusing its attention on the operational resilience of the financial system and the individual firms within it,” says Mouat.

An issue of concern is some financial institutions’ dependence on legacy IT systems that are in dire need of an upgrade. Exposure to climate-related infrastructure or supply chain problems is also rising up the resilience agenda. And while increased demand for digital services and partnerships with fintechs have spurred innovation within the industry, they’ve added to the overall technological complexity of the banking system. 

Security and operational controls

The recent breakneck shift to remote working has put further pressure on firms’ ability to control the devices and connectivity of their formerly office-based staff. 

“While the ease and success of operational reconfiguration has surprised many, firms are only now starting to adjust their security and operational controls to respond to the more open access they’ve been forced to implement,” says Dave Machin, partner at the Berkeley Partnership, a specialist independent management consultancy. “This has also reinforced a trend that was already underway: the move from incident prevention to a focus on incident response.”

This presumption that disruption will occur reflects the increasing reliance of financial services firms, and importantly their customers, on online systems, says Tobin Ashby, partner at Pinsent Masons, an international law firm that advises financial services firms. 

“Firms therefore need to look in detail at the business services they provide to customers in the good times to assess how they might go wrong under any stress, how much tolerance there should be and how failures will be dealt with to ensure, above all, continuation of service to customers,” he says.

Firms therefore need to look in detail at the business services they provide to customers in the good times to assess how they might go wrong under any stress

Mike Hampson, chief executive of Bishopsgate Financial, which specialises in delivering change management within the financial services sector, says financial institutions must ensure they “fully understand the risk implications from a third-party’s failure at any point in the chain of activities and over a sustained time period”.

In addition, change and the management of change should be viewed as potential threats to operational resilience, even though change is badly needed in many cases. 

“As firms update their business models and systems with new technology, they are more frequently undergoing major transformational change projects,” says Ashby. “These projects will need to be planned and executed with operational resilience as a main focus, and starting from a presumption of inevitable systems disruption, to ensure the kinds of upheaval for customers on systems upgrades seen in recent years are not repeated.”

Almost two hundred years of open-outcry trading at the London Stock Exchange became a quaint historical relic when in 1986 the Big Bang – market deregulation – closed the trading floor. That regulatory blast also smoothed the way for electronic equity trading. 

But the Big Bang didn’t shock all financial markets in the same way. Fixed-income trading, in particular, changed much more slowly. This is mainly because it had no centralised marketplace to disrupt. Trading took place “over the counter” (OTC) on the phone between big banks, securities houses, insurers, asset managers and pension funds.  

Even now, following the introduction of the Markets in Financial Instruments Directive (MiFID II) and Regulation (MiFIR) at the start of 2018 – “perhaps the most significant development to impact European bond markets in memory”, according to the International Capital Market Association (ICMA) – aspects of the fixed-income market, such as high-yield corporate bonds, or emerging market bonds, are still only traded OTC. The ICMA said in December 2018 that the first year of MiFID II regulation had given a “slight but discernible nudge” to the “well-established trend of electronification”.  

The coronavirus pandemic, though, may be the shock that finally ripples through all aspects of fixed-income and drives technological upgrades. The demands of lockdown and social distancing forced financial services firms to fall back on disaster recovery centres and to find out just how resilient their systems really were. The picture was mixed. Trading platforms are said to have adapted very well while brokers that relied on a traditional recovery centre struggled more. The gulf allowed some houses – those with a platform – to push forward to take on more risk.  

“COVID-19 accelerated things that were already in the system in terms of technology upgrades,” says Carl James, global head of fixed-income trading at Pictet Asset Management. “For example, firms are supposed to carry out regular upgrades on their order management systems, which are at the heart of the buyside technology stack, but three or four years can go by before people do it. COVID-19 is said to have focused minds on making budgets for that.” Pictet Asset Management places around 80 per cent of its trades electronically and (as of June 2020) manages some $209 billion. 

But technology upgrades won’t just be about ensuring resilience or optimising costs. “Firms will need new operating models,” says Ali Merji, senior director in the Chief Information Officer Research Group at Gartner. “The cloud will play a massive role. Even in differentiated capabilities like trading there will be outsourcing. Traders who understand data and artificial intelligence specialists who understand trading are still wishful-thinking, but that is the future.”  

Slow pace of change 

The relatively slow pace of change in fixed income is not just because the right data specialists are thin on the ground. James says the market is “still in the first stage of electronification”, that the fourth and final stage of full automation remains some way off and a full market structure will have to be in place for that to happen. A full structure will include sectors such as emerging markets, many of which still have limited digital-trading infrastructure. As trading in developed centres becomes more automated, it will allow staff to focus more energy on segments like emerging markets, says James.  

But there are also issues closer to home. “Anything where you need a lot of people to work together will take time,” says Merji, pointing out that not all firms have done impact assessments on the return on equity that electronification would bring.

This may mean a shake-out and it highlights a further, very human stumbling block to the transition. “When it comes to using more technology, you come up against the fact that, if people are doing very well, they don’t want to change,” says James. “I first saw the FIX protocol that allows electronic trading in 1995. For me, it was an utter game-changer and would alter everything in five years. It took a few more years for electronic trading to be fully adopted in the equity market.” 

When it comes to using more technology, you come up against the fact that, if people are doing very well, they don’t want to change

In principle, electronic trading not only boosts efficiency and liquidity and cuts costs, it also allows financial services firms to have a clear audit trail, which is vital for compliance. However, the COVID-19 crisis shows more work may be needed on resilient compliance systems, particularly if social distancing becomes a new norm.  

“Surveillance is the greatest challenge of working from home,” says Merji. “It is about identifying anomalies before something goes wrong. That will probably take time to perfect.” He points out that some houses analyse video feeds to look for looming problems. That may be a challenge when people are trading from their back bedroom.

Financial services firms need to be agile, innovative and securely resilient to tackle the ever-increasing number of challenges they face today, and maintain trust and confidence in the critical services they provide.

To meet these demands, many leading organisations rely on AWS’ secure and resilient infrastructure and services. During the COVID-19 pandemic over 5,000 new Companies and Connect Customers have started using the AWS service Amazon Connect to build cloud contact centres to enable their customer service agents to work remotely. For example, when one of our customers suddenly had to close their contact centres due to the COVID-19 pandemic, we were able to help them shift thousands of agents to remote working via our call centre in the cloud, Amazon Connect, which can securely direct calls to remote workers and scale up and down as necessary. 

Many of our customers have also benefited from Amazon Workspaces, which provides a secure remote desktop allowing employees to quickly and securely access the applications they usually use in the office. Such solutions allow financial services firms to quickly respond to unforeseen events and continue providing the level of service their own customers rely upon. But even before a crisis hits, AWS allows firms to design, deploy and test their mission-critical applications to ensure they meet all their availability and resiliency criteria.

Availability and capacity are, of course, a big concern for financial firms. For decades seemingly endless resources have been invested in primary, secondary and even tertiary systems that were very laborious and expensive to maintain – particularly in combination with never ending refresh cycles for on-premises mainframe, network, compute, and storage technology. And has been further compounded for global banks who have to maintain multiple versions of this infrastructure around the globe.

Available everywhere

The AWS Region and Availability Zone model offers a game-changing alternative to this outmoded approach. An AWS Region is a physical location in the world where we have multiple Availability Zones (AZs).  Each AZ is highly secure, up to 100 km’s apart, and can consist of one or more data centres with redundant power and networking. These AZs allow financial firms to run their production applications and databases in a load balanced way across the region, making them far more available, fault-tolerant and scalable than those run from a single data centre. Each Region will also have two separate Network Transit Centre locations connecting the Regions ingress and egress to the world. The Amazon Simple Storage Service (S3) delivers strong read-after-write consistency automatically for all applications across a region. Unlike other cloud providers, Amazon S3 delivers strong read-after-write consistency for any storage request, without changes to performance or availability, without sacrificing regional isolation for applications, and at no additional cost.

AWS now spans 77 AZs within 24 geographic regions around the world. While each AZ is fully independent, they are also connected through links allowing for low single-digit millisecond latency between each one.

This low latency allows for continuous replication between the different AZs – a foundational principle for high availability and fault tolerance on AWS. Indeed, if one of the AZs in a particular Region experiences intermittent disruption, the other AZs, independently, are able to continue operating. Customer’s experience 94% less productive time lost to outages when running on AWS, according to IDC research.

The AWS Region and AZ model also helps our customers to compete globally too. For example, financial firms can make their applications available from any AWS Region or AZ. That’s a compelling offering for enterprises that want to rapidly expand into new markets without massive capital expenditure, without having to recruit and train local staff, and without having to enter into a contract for an on-premises data centre that offers only minimal flexibility and resilience.

Reducing complexity

The ability to reproduce the same infrastructure configuration for your business applications and data consistently around the world by managing your infrastructure ‘as code’ the same way you do for software, is one of the fundamental keys to unlocking digital innovation. Doing this by leveraging the 175+ fully-featured API enabled services is a powerful move to remove undifferentiated heavy lifting.

AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This provides you with a single source of truth for your AWS and third-party resources. Furthermore, AWS can help financial firms to address technical debt issues, which often stem from the coding complexity associated with legacy platforms and are compounded by slow upgrade cycles, adversely affecting a firm’s ability to innovate and employ new technologies.

Our reliable, inexpensive cloud services also present huge benefits in terms of elasticity. Traditionally, financial enterprises have over-provisioned their IT hardware and software to ensure they have enough capacity to handle business operations at peak levels of activity. With AWS, they can scale their technology resources to meet demand, potentially deploying hundreds, thousands or even hundreds of thousands of servers in a matter of minutes, while also saving time, effort and money.

Alongside the AWS Services, the AWS Marketplace offers you software on demand from more than 1,600 Independent Software Vendors (ISV’s) who offer more than 8,000 transactable listings from 50 categories. These are easy and secure to deploy and allow flexible consumption and contract models all within one consolidated bill.

You are not alone on your journey, AWS Financial Services Competency Partners provide cloud-based offerings that help accelerate innovation for banks, insurance companies, capital market firms, and payment processors of all sizes. These offerings allow you to become more agile, strategic, and customer-focused. Protect your business and your customers by reducing risk, improving fraud detection, and decreasing compliance costs. AWS Partner offerings empower you to get new products to market faster while meeting constantly changing regulatory, business, and customer requirements.

These services and support networks are helping numerous financial services firms meet the challenges they face today. HSBC, for instance, plans to use our portfolio of cloud services, including compute, containers, storage, database, analytics, machine learning, and security, to develop new digital products and support security and compliance standards for millions of personal banking customers worldwide1. It’s just one example of the kind of innovation that AWS enables, while also ensuring that financial firms remain resilient in the face of an ever-changing environment.

To find out more about how AWS supports resilience and innovation in the financial services sector visit: https://aws.amazon.com/financial-services

Before the coronavirus swept across the globe, financial services companies in the UK were busy preparing for a new regulatory framework that would bolster their ability to withstand operational shocks without any interruption to their business.

The proposed operational resilience rules envisaged disruption such as IT problems or cyberattacks and even incidents that would cause whole business premises to be closed. What nobody had really anticipated was an event that would shut down offices worldwide almost simultaneously. 

Consultations on those rules were quickly pushed back, with the Financial Conduct Authority, Prudential Regulation Authority and Bank of England extending the deadline until October as regulatory priorities shifted to ensuring the financial system did not grind to a halt.

“The regulators have relaxed a lot of the rules so they don’t get in the way of dealing with this situation,” says Adrian Docherty, head of financial institutions advisory at BNP Paribas. “The first focus has been keeping banks open, keeping the cash flowing and the economy moving, while all of the long-term issues have been sidelined.”

The regulators have relaxed a lot of the rules so they don’t get in the way of dealing with this situation

In the European Union, for instance, legislators quickly rushed through the Capital Requirements Regulation (CRR) “Quick Fix”, a package of measures designed to ease some of the regulatory burden for banks to help them better manage the pandemic.

This included suspending for two years IFRS9 provisions, a requirement that banks have to set aside provisions for loans that could potentially incur losses in the future. It also brought forward rule changes to small and medium-sized enterprise lending that would allow banks to reduce their capital requirements for loans made to businesses with larger levels of debt.

“All these measures give people a bit more leeway in times of stress and avoid accidental offsides, so banks are able to trade and do their business confidently without fearing the impact of regulatory intervention,” says Docherty.

Adapting to the new environment

While some of those CRR Quick Fix rules have specific time limits, banks and other financial institutions are trying to gauge not only how the regulatory landscape might transition from the crisis to a more business-as-usual operating environment, but also how tolerant regulators will be if firms are still struggling to adapt six months after lockdowns were first imposed.

“The forbearance measures, which took a variety of forms, were designed to assist firms in concentrating their efforts on responding to the challenges posed by the pandemic and serving their customers,” says Julia Dixon, a financial regulation partner at law firm Linklaters. “Now that the initial COVID response period has passed, we see firms, mindful of supervisory and potential future enforcement focus, relying less upon these measures.”

One potential issue that firms have to worry about is the return to the office, not only due to social-distancing concerns, but also from a supervisory perspective. How will regulatory requirements be prioritised and enforced if some regulated employees are working in the office and some are working from home? 

A potential move towards a more permanent remote working strategy also creates other issues around culture and conduct, says Dixon’s colleague and fellow financial regulation partner Pansy Wong.

“We have heard from many institutions that they are reconsidering what their office footprint might look like as a result of having more people working from home. If there is a significant change in office life and more remote working, that does put stress on the supervision aspect of these businesses, and maintaining conduct and culture requirements to the high standards regulators demand is going to prove more challenging,” she says.

In any case, bankers and market watchers are not expecting a wholesale shift in the regulatory backdrop. UK regulators are not planning to extend the operational resilience consultation beyond October and do not anticipate delays around finalising the rules. And while the regulators are likely to take onboard lessons learnt from the pandemic, the core tenets of the policy are not expected to change significantly.

But Docherty at BNP Paribas hopes the pandemic might prompt regulators to rethink some of the broader rules around capital requirements that have been temporarily eased. “If something like IFRS9 has to be suspended in a crisis, then it’s probably the wrong rule for other periods as well,” he concludes.