Bank of America has teamed with IBM and its regulatory compliance arm, Promontory Financial Group, to create a cloud computing platform that has privacy, security and regulatory banking compliance protocols built in, according to a report by American Banker.
One of the reasons for the collaboration was to help solve some of the problems that keep banks from moving into cloud computing.
“We believe that the whole industry has some unique challenges with the public cloud around compliance, security and resiliency,” said Bridget van Kralingen, senior vice president for global industries, clients, platforms and blockchain at IBM. “Governance, risk and compliance consumes around 20 percent of the operations costs of most major banks.”
Because what is needed for data protection and security tends to shift — as do regulations — it can be hard for banks to decide on whether to start adopting the technology.
“Because of that, many banks have not moved their production workloads to public cloud providers,” van Kralingen said. “There is not enough focus on those specific control requirements for the industry.”
Promontory Financial Group was founded by former Comptroller of the Currency Eugene Ludwig and bought by IBM in 2016. The company was instrumental in creating all of the regulatory controls for a cloud computing system.
“This was an important project because it’s the first public cloud for banks with a regulatory backbone,” Ludwig said. “Making sure that it has the regulatory backbone appropriate for banks takes a lot because, appropriately, banks have quite a number of requirements relating to their technology infrastructure, and helping to marry those requirements with the technology behind public cloud takes a meticulous amount of review.”
Ludwig thinks the technology will be helpful to banks and allow them to exist within regulatory frameworks.
“This technology offers a speed and efficiency that’s profound,” Ludwig said. “But this technology, like any technology for banks, is truly only accessible if it meets all the regulatory requirements for safety and soundness and other compliance obligations that banks have.”