There is no doubt now that core banking platforms will eventually move to the cloud. The logic behind this move is inexorable. The question is not if, but when

It may take time, but cloud platforms offer such overwhelming advantages – providing infrastructure, scalability (up and down) and access to tools and technologies that enhance efficiency, cost-effectiveness and business agility – that the direction of travel is firmly established.

According to a recent study by Accenture, 97% of all financial institutions have already adopted cloud strategies, though these are mostly concerned with deploying solutions for non-critical, non-core functions. Other industries have proved the point that judicious use of private and public cloud platforms can bring immediate and far-reaching business gains. There are particular issues that need to be settled before the same thing happens in financial services, but it cannot be long before banking and wealth management are able to enjoy the same benefits.   
Today’s concerns are centred on risk, data security and restrictions that affect where client data may be stored and processed. Regulators generally take the view that public cloud has risks associated, and both banks and regulators agree that it must be possible to guarantee watertight security and rigorous safeguarding of data protection rights before public cloud platforms can be used for core banking functions.

These potential problems are being addressed in relation to public cloud platforms. But, in the meantime, it is important to recognize that such concerns do not necessarily apply to private cloud setups. Private cloud can already be made appropriately secure, robust and reliable, while offering all the promised benefits of scalability, agility, efficiency and cost savings. Public cloud will get there one day; private cloud is there now.

The race to provide cloud-based solutions is already under way and there is a lot of confusion in the marketplace. Many suppliers are boasting about their cloud capabilities, but they often mean very different things and their offerings need to be scrutinized with great care to avoid serious misunderstandings. 

Market needs

The principal misconception about cloud deployment is the assumption that it simply requires a containerized SaaS solution that has been tested for different cloud platforms. The software is certainly a key component, but in a trusted and highly regulated sector like financial services, there are significant risks involved if the approach to software deployment and cloud management is not scrupulously planned and managed.
When deploying a SaaS platform, banks and wealth managers need to be confident that the provider they choose can guarantee four key aspects of the proposed SaaS solution:

  1.  Is the platform genuinely secure at the high level required for financial services? This means working with a provider that manages and assures the security of the platform and takes responsibility for compliance with whatever regulatory requirements apply in the relevant jurisdictions.
     
  2. Is the provider fully accountable for the successful end-to-end operation of the system, rather than just supplying a software package? Having to chase different providers to solve downtime problems is clearly a non-starter for any proposed cloud deployment of your core banking system. The provider must be able to offer end-to-end managed services that guarantee high and consistent availability and holistic management and service delivery across current and future cloud environments. The system should be at least as efficient and robust as an on-premises deployment and it should offer highly automated provisioning and operations to meet your scalability and agility goals.
     
  3. Does the provider protect you from lock-in? Cloud platforms are developing rapidly, and what seems like the best platform and approach today could look less ideal in just a year or two’s time. Banks need to avoid the risks of getting locked into a particular private or public cloud approach, of being locked into a specific cloud provider or of being locked into having to adopt one single deployment approach across every part of the business. The provider needs to make the transition from one type of cloud platform to another as easy and painless as possible.
     
  4. Is the platform open or proprietary? This is not a new issue. The need to avoid product lock-in and ensure agility for the business means it is essential to choose solutions that use open technologies and align with industry standards. Only by doing this can banks be assured of being flexible enough to integrate new, unthought-of capabilities and bring them to market fast enough to guard against digital disruption.
     
  5. No ordinary SaaS package or cloud platform is going to be enough to do the job. For cloud to deliver the benefits banks and wealth managers want without introducing intolerable levels of risk, the cloud platform has to be tuned and managed to match the unique needs of the financial services environment. But it must also be kept open and agnostic to the technologies underlying it, and with which it may eventually need to integrate.

Vision

Avaloq has long recognized these pressing imperatives for banks and wealth managers. For several years, it has been working to a strategy that ensures continuing support for on-premises deployments while offering clients an easy path to begin their migration to cloud.

This approach includes two fundamental components. The first, covered in detail in our architecture roadmap, has been to embark on re-architecting the Avaloq Banking Suite to anticipate the move from today’s cloud-enabled technology to tomorrow’s cloud-native technology. To achieve this, Avaloq has created a new microservices-based architecture that utilizes state-of-the art technology, i.e. Docker containers orchestrated using Kubernetes (RedHat OpenShift). This new architecture has allowed us to introduce new capabilities, such as goal-based wealth management, while ensuring that existing functionality can be migrated over time.

The second component is a commitment to create products that are equivalent across different deployment methods and are fully cloud-platform agnostic. Our new cloud platform – the Avaloq Financial Cloud – has been co-developed with IBM over the last two years, creating a future-proof design that can support public, private and hybrid cloud options across core cloud providers. This platform is built around a software-defined data centre (SDDC) concept and is designed to offer assured levels of service, security and regulatory compliance with FINMA, MAS and other relevant market regulators. It will be extended over time with the Avaloq expertise of more than 15 years in this domain. It supports high levels of automation, enabling agile businesses to scale and re-size their services rapidly in response to new demands and client opportunities. This partnership allows Avaloq to provide global services and establish a global hub-spoke model for delivering its services closer to our clients.

The keys to cloud platform agnosticism are the use of VMware Cloud Foundation and the use of standardized interfaces (API) to manage, control and deploy applications across clouds and to support workloads shared across different elements of cloud infrastructure. This industry-standard approach can be deployed quickly and easily anywhere in the world to provide the infrastructure needed to support a bank’s growth plans and initiatives. Integrating the SDDC approach with state-of-the-art technology and services allows Avaloq to assure very high availability levels, backed up by disaster recovery capabilities that utilize redundant data centres with synchronous storage replication and the ability to provide zero data loss.

This approach means that Avaloq can assume end-to-end responsibility for a bank’s services, delivering great performance (e.g. utilizing full flash storage, running on the latest hardware) with clearly defined SLAs that guarantee systems will be available, compliant, stable and secure (including integrated security information and event management (SIEM), a host-based intrusion prevention system (HIPS) and database encryption). 

Over and above running Avaloq’s software, the platform provides a long list of integrated services, including automation and orchestration, operation, maintenance and support of applications, change and release management, monitoring and management of the network and infrastructure, business continuity management, security, identity and access management, data encryption, log management, service desk support, segregation options for client data (offering assured storage in defined jurisdictions) and support for regulatory evolution. 

Avaloq believes that attempting to deploy a mission-critical cloud application without this full set of integrated services around it is like trying to build a car that has a powerful engine but no chassis, gearbox, wheels or seats. Without the full kit of parts, it simply won’t get you anywhere.
 

Roadmap

The next six months

Avaloq will begin migrating the first SaaS and BPaaS clients, in Switzerland and Singapore, onto the new SDDC infrastructure at the start of 2020. This will involve the use of a private cloud deployment model to meet regulatory requirements while delivering all the benefits of an agile cloud infrastructure.
We foresee our clients moving towards public cloud use in a phased approach, starting with non-critical services and development environments and only moving on to production environments once regulators in a particular market are satisfied that the use of public cloud is secure and appropriate for banking and wealth management services. 
 

While public cloud is relatively new as a core banking production platform option, we have some clients that have already been running their Avaloq Core Platform development on Amazon Web Services (AWS) for five years, since 2014. In early 2020, Avaloq will enhance the Avaloq Financial Cloud to support hybrid cloud models which will, for example, allow banks, depending on their needs and regulatory constraints, to use public cloud for development and testing work while still using private cloud for production purposes. 
Using the capabilities in the Avaloq Financial Cloud, we are introducing a new service for application development infrastructure as a service (ADAIaaS), which is now available to banks, partners and fintech companies. It gives developers a platform that lets them focus on application development, using an integrated Avaloq core, dramatically speeding up development cycles and removing the need for infrastructure to be deployed before development and testing can begin.

The next 12 to 24 months

Avaloq will soon begin rolling out both new capabilities and many components of existing core functionality as microservices, where appropriate, as shown in our detailed architecture roadmap. 
In relation to the Avaloq Financial Cloud, public cloud support will be enhanced so that capabilities can be deployed seamlessly across multiple public cloud providers. This will enable banks and wealth managers to optimize infrastructure costs and avoid cloud provider lock-in. As well as the provision and testing of core software capabilities across these platforms, it will also provide all the associated services noted earlier across a complete hybrid stack.
Avaloq is also examining the option of creating a new satellite in Australia, as an extension to its regional hub in Singapore.