As the financial services industry migrates from the physical to the ethereal, Peter Martini, President of iBoss, explains why it’s important not to leave your security back down on earth
Citi’s technology chiefs have been outspoken in describing the digital watershed represented by the ‘ABCs’ of artificial intelligence, blockchain and Cloud computing as an ‘extinction event’ if they are not embraced by established institutions.
Citi has been sizing up the possibilities for Cloud-based banking for some time; in 2016 its transaction banking division looked at the corporate to bank integration space and asked in a discussion paper ‘is Cloud technology the answer?’, concluding that it would likely strip out complexity and reduce costs. But there are no simple answers. The trade-off for reducing the cost of infrastructure could be increased operational and governance budgets.
Here, Phil Hong, head of EMEA channel services for treasury and trade solutions at Citi, explains how a ‘lift and shift’ or ‘lift-tinker-and-shift’ approach essentially moving old, onsite applications to a new, Cloud-based environment – is likely to result in less-than-optimal economies and improvements in service. He favours taking time to re-engineer applications to Cloud-native ‘microservices’ that can help Citi achieve ‘IT nirvana’.
The Fintech Magazine: Why aren’t all Clouds created equal?
PHIL HONG: It depends on what you want to use Cloud technology for. As consumers, a lot of us have our social media, personal photographs, etc., in the public Cloud.
In professional environments, Cloud can be used to develop a more cost-effective way of managing capacity and bandwidth. So, as our data requirements grow and our customers’ payments business grows, the amount of processing and the amount of information that we need to store grows exponentially, too. The Cloud is a way for us to accommodate that, but we wouldn’t want that very sensitive data in a public space.
A private Cloud is not only better from a security perspective, but possibly from a regulatory perspective, too.
That leads to another question: ‘where exactly is the Cloud?’. Because while, physically, the Cloud is made up of servers and machines that have to be located in a physical space, largely that is shared and distributed in a very virtual way. One of the things we’ve seen with a number of data protection laws being passed in countries around the world, is that several regulators talk about data having to be localised or ringfenced within their national boundaries. So, one of the challenges is how do we apply some of this data protection and regulation to personal data in a Cloud-based environment?
TFM: So, what were the overarching goals and benefits to moving to a Cloud-based platform for a large global institution like Citi?
PH: Cost has to be a factor. Adding additional hardware is not just an expensive thing to do, but there is a lot of lead time spent in procuring hardware, commissioning it, installing it and testing it. If our applications are deployed in a Cloud-based infrastructure, adding additional bandwidth, in terms of data capacity and processing bandwidth, is simpler to achieve.
Cloud-based technology also really encourages large organisations such as ourselves, which may have grown very large legacy applications over the years, to rearchitect those applications into a micro service approach. Those micro services enable us to be much more agile in the way we grow and enhance certain functions, and combine them in order to create the right services for our customers.
I’ll give you a specific example. Our online banking application, CitiDirect BE, has payment capabilities across 135 currencies, 27 languages and, over the years, we’ve built that up into quite a large application, with more and more functionality that our customers have been demanding. Moving that into the Cloud has meant, for us, quite a large challenge in rearchitecting that application into micro services that, ultimately, will enable us to utilise Cloud technology to its fullest. We can build up the capacity of those services in a much more agile way.
TFM: How is Citi using Cloud-based technology to improve its interactions with regulators?
PH: In Europe, we’ve had a couple of really big pieces of regulation impacting the payments industry. The revised Payment Services Directive (PSD2) opened the doors to Open Banking, allowing customers to access their accounts from other platforms, other applications, other software. In order for us to meet the requirements of PSD2, but also to embrace some of the opportunities of PSD2 and Open Banking, we need to start moving our applications, and our capabilities, into a Cloud-based environment, and to have those exposed to the world through application programming interfaces (APIs).
The other regulation that has impacted us recently is the General Data Protection Regulation (GDPR) and that provides a different challenge, particularly because, when we think about data protection as a requirement, one of the things we have to think about is the geographic location of our data.
With Cloud-based technologies, the data will be residing on servers in some physical location, but also virtually, because it’s being accessed from all around the world. So, what does it mean for data to be in the Cloud, when it comes to national regulations that are concerned about the data being ringfenced within their geographic borders?
TFM: Where does Citi see the biggest opportunities to serve customers better using Cloud-based technology?
PH: The Cloud is starting to really help us open up our transactional capabilities through APIs, not just for our customers to make use of themselves but, increasingly, as they move their software and vendor requirements into Cloud-based apps.
For example, the traditional enterprise resource planning vendors, like SAP and Oracle, are creating their applications in the Cloud, as well as some of the treasury management systems that have grown up in the fintech space with companies like Kyriba, BELLIN and FIS. These systems that our customers are using are increasingly able to access our bankingas a service capabilities through APIs.
Not only that, but I think it’s been very interesting what SWIFT has done with SWIFT gpi. It’s something that the banks have come together with SWIFT to create in order to provide better servicing and better visibility of cross-border payments around the world for customers.
The gpi has been a classic example of how to build something in the Cloud, with all the banks having to collaborate in order to update the status of payments as they flow through the banking network. Cloud-based technologies and APIs have been the way that gpi has ended up being implemented and I think it’s working extremely well.
Our customers have really welcomed the fact that gpi is giving them real-time visibility of where their payments are. We’ve embraced the capability by adding it to
our online banking interface, CitiDirect BE, with something we call Payment Insights, which enables people to track where the payment is, very much like a parcel tracking reference. Because it’s been so valuable to our customers and they’ve given us such positive feedback, we’re trying to extend that now to all payment methods.
TFM: So how does Citi stay at the forefront of all these Cloud-based developments in financial services?
PH: Through innovation. Through listening to how our customers want to make use of our services. I think this move towards being much more open, much more agile in our delivery of banking services, is where Cloud-based technologies and APIs are going to really help.
This article was published in The Fintech Finance Magazine: Issue #12, Page 86.