TECH TUESDAY is a weekly content series covering all aspects of capital markets technology. TECH TUESDAY is produced in collaboration with Nasdaq.
Financial market infrastructures (FMIs) have been adopting cloud technology for a number of years, to tap into advantages such as agility, scale and cost savings. As the migration continues and more critical workloads are entrusted to cloud service providers (CSPs), regulatory engagement will be vital.
FMIs that utilize CSPs are subject to stringent regulatory requirements. They must know the exact delineation of responsibilities on a service-by-service basis; methodically evaluate which CSPs and services to use; and structure and manage their relationships with CSPs to ensure that their service utilization is compliant with applicable regulations. That’s according to a recently published Nasdaq whitepaper, Planning for Cloud: Regulatory Considerations for FMIs When Choosing a Cloud Service Provider.
As cloud usage has expanded among exchanges, central counterparty clearing houses (CCPs) and central securities depositories (CSDs), so has regulators’ interest in the technology, and its implications for market stability and serving the interests of end-user investors.
Capgemini cited “magnified supervision from financial regulators across the globe” in a 2023 thought leadership piece published on Forbes. The IT services and consulting firm highlighted specific initiatives such as the Digital Operational Resilience Act (DORA) in the EU, recommendations from the Bank of England, guidance from various US regulators including FINRA, and principles set forth by the Monetary Authority of Singapore.
More broadly, Capgemini stated: “Key stakeholders in the modern cloud ecosystem … are likely to be challenged by the evolving regulatory supervision and expose their internal barriers to change. In the long run, though, these initiatives will not only be seen as a compliance exercise but as an accelerator to strengthen operational resilience and develop differentiated capabilities in cloud technology and services.”
As cloud regulation takes shape globally, FMIs, from their nexus position, can lead on collaboration and alignment between regulators, internal stakeholders, and CSPs. Embracing this challenge as best practices can optimize the benefits of cloud today, while modernizing for a future-proofed tomorrow.
The Nasdaq whitepaper highlighted components of the regulatory process, starting with stakeholder alignment, initial regulatory assessment, and vendor assessment. From there, key solution considerations include security (physical, data, and infrastructure); resilience and business continuity planning; governance and control; exit strategies; fairness; data sovereignty and integrity; and incident management.
“The accelerating technical evolution and innovation in cloud (e.g., AI/ML) will continue to make service utilization a significant area of consideration for FMIs,” the whitepaper stated. “Finding the right CSP vendor will help FMIs accelerate their transformation while still maintaining the necessary guardrails, putting them in a position to lead the industry and seize new opportunities, knowing they have a detailed framework bought into by CSPs and regulators.”
“Over time, we expect continuous CSP investment in infrastructure, infosec and adjustments to FMI and regulators’ requirements,” which paired with the development of industry best practices “ideally will create a pathway to long-term decrease in costs and risks associated with compliance when utilizing service providers.”
Creating tomorrow’s markets today. Find out more about Nasdaq’s offerings to drive your business forward here.