Cloudy Times in Financial Services: Wall Street vs. The Banks

It’s interesting to watch how cloud adoption is – or isn’t – growing in any sort of a coordinated manner. Cloud is certainly not new; for instance, Salesforce.com has 100,000+ customers. And within the enterprise, cloud adoption continues to skyrocket, with three out of every four respondents indicating they are using some cloud business application, according to the third annual Future of Cloud Computing Survey run by NorthBridge Ventures.

Yet, there are differences hiding in these numbers. For whatever reason, Wall Street firms – while still adopting cloud in large numbers – are generally lagging behind their banking counterparts in cloud adoption. Below is my stab at what I think are five of the main reasons that explain why Wall Street – in relative terms at least – is adopting cloud a bit more slowly than the banking sector:

1. Regulatory Guidance: If you compare documents from the regulators, a lot of interesting things bubble up to the surface. For instance, in March 2013 the SEC announced its new Regulation Systems Compliance and Integrity (generally referred to as “RegSCI”). In a document counting over 100,000 words, the word “cloud” appears a mere three times (buried in item #85 under the “Request for Comment”) and only asks some fairly mild questions. In comparison, last July, the FFIEC (Federal Financial Institutions Examination Council), that includes representation from the Fed, FDIC, NCUA, OCC, CFPB, and SLC (note that the SEC is not a part of the FFIEC!), issued dedicated guidance on the use of cloud computing, covering the key topical areas such as due diligence, vendor management, audit, information security, legal and regulatory compliance, and business continuity planning.
2. Data Breaches: The words “exchange,” “broker,” and “capital” [as in “capital markets”] don’t even appear in Verizon’s 2012 Data Breach Investigations Report (DBIR) whereas the word “bank” appears 10 times. Moreover, in such reports from Verizon and others, the scope of these reports rarely touches on trading exchanges or brokerage firms and instead is laser-focused on traditional banks. While this doesn’t mean that banks are the only ones suffering from such attacks, it certainly does point to the fact that non-brokerage banks appear to be bearing the brunt of such breaches.
3. Safety in Numbers: Like in most other parts of financial services (and of humanity), brokerage firms like safety in numbers, be it in deployment method or otherwise. Until critical mass exists for capital markets players to adopt cloud in a more widespread manner (something that is definitely occurring), we’ll still be waiting for “the straw that broke the camel’s back.”
4. Cybercrime Attacks: What is said above about data breaches also applies somewhat to cybercrime activity. To make this point, let’s consider the security of the cloud; as we all know, cloud adoption goes hand-in-hand with information security and data privacy needs and requirements. And in this day and age of increasingly sophisticated cybercrime theft and attacks, one would expect such security requirements to only grow and increase (either from regulators and/or from the cloud providers themselves). And yet, since brokerage firms (a) generally have been on the receiving end of fewer cybercrime attacks than banks have (although a few have made headlines) and also (b) have been slower to adopt cloud technology than traditional banks, the capital markets folks typically don’t get as vocal or as involved in the discussions or committees having to do with DDoS attacks, malware infestations, and the like.
5. Employee Usage: One of the things that makes the capital markets community unique is that their employees, particularly their brokers and traders, can use mobile devices with cloud capabilities without the brokerages having a holistic ability to conduct oversight, audit, and surveillance that monitor for manipulation or prohibited activities. In contrast, most banks don’t have employees with such real-time needs (although admittedly some do) and therefore don’t necessarily perceive cloud adoption of outside devices and services to have as much risk as a brokerage’s risk group might. In fact, if you speak to most bankers, their major concern is how their employees might be wasting company time playing Candy Crush or scanning Facebook.

Above are five reasons that distinguish cloud adoption with the brokerage community from the adoption within the traditional banks. Nevertheless, cloud adoption within the capital markets market is growing rapidly and will soon transform the IT landscape as disruptively as has occurred within the traditional banking sector.