Abstract
With the increased adoption of cloud services, the resilience of cloud providers is paramount to not only the firm, but also to the stability of the financial sector. Method: We use a “mixed” method of research by using a combination of data ranging from the UK regulator regulatory data and information from the public domain, supported by interviews with technology risk specialists at the FCA. Conclusion: This research acknowledges the strategic role of information systems and recognises the key advantages that cloud providers can bring to financial firms. Most firms are keen to leverage these benefits, by adopting “cloud” into their future IT strategy. However, we find that this may lead to increased reliance on key service providers, thus leading to concentration risk. We also find that lack of supplier due-diligence and interoperability standards between providers can be significant contributors to this risk. This research then arrives at three aspects—availability concerns, cyber-attacks and contractual issues, which could constrain the ability of service providers to provision contracted services—that could potentially cause detrimental effects across the financial sector. Before concluding, we look at factors that could mitigate this risk and the increasing role of regulators, firms and service providers in this endeavour.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
UK Financial Services Regulator—Financial Conduct Authority (FCA).
- 2.
Technical Committee of the International Organization of Securities Commissions (IOSCO).
References
Ang, S., & Straub, D. (1998). Production and transaction economies and IS outsourcing: A study of the U.S. bank industry. MIS Quarterly.
Armbrust, M. et al. (2009). Above the clouds: A Berkeley view of cloud computing. UC Berkeley Technical Report.
Basel. (2005). The joint forum at basel committee on banking supervision, outsourcing in financial services. in Bank for International Settlement. Basel.
BBC News. (2016). Fast cash: The high-speed world of cloud-based finance–BBC News. [Online] Available at: http://www.bbc.co.uk/news/business-36129408.
BITS. (2010). BITS Guide to Concentration Risk in Outsourcing Relationships. Financial Services Roundtable.
Bisong, A., & Rahman, S. (2011). An overview of the security concerns in enterprise cloud computing. International Journal of Network Security & Its Applications (IJNSA) 3(1), 30–45.
Bolton, J. (2008). The strategic case for outsourcing back-office chores. American Banker Magazine.
Braun. Ch,. & winter, R. (2005). Classification of Outsourcing Phenomena in Financial Services. ECIS Proceedings. http://aisel.aisnet.org/ecis2005/2.
Brusnahan. (2015). Saxo Payments selects Oracle FLEXCUBE platform - Electronic Payments International. [Online] Electronic Payments International. Available at: http://www.electronicpaymentsinternational.com/news/saxo-payments-selects-oracle-flexcube-platform-011015-4683699/.
Capgemini. (2015). Shifting Sands: Banking in the Digital Era. https://www.temenos.com/globalassets/mi/rep/shiftingsands-temenos_8th_annual_surveyfinal-w.pdf.
Cloud Pro. (2017). Tesco Bank moves to AWS cloud in just eight months. [Online] Available at: http://www.cloudpro.co.uk/leadership/5575/tesco-bank-moves-to-aws-cloud-in-just-eight-months
ComputerWeekly. (2017). Insurance brokers count cost of lost business as SSP SaaS platform outage enters second week. [Online] Available at: http://www.computerweekly.com/news/450303913/Insurance-brokers-count-cost-of-lost-business-as-SSP-SaaS-platform-outage-enters-second-week.
Gozman, D., & Willcocks, L. (2019). The emerging cloud dilemma: Balancing innovation with cross-border privacy and outsourcing regulations. Journal of Business Research, 97, 235–256.
Gozman, D., Liebenau, J., & Mangan, J. (2018). The innovation mechanisms of fintech start-ups: insights from SWIFT’s innotribe competition. Journal of Management Information Systems, 35(1), 145–179.
Dobinson, C. (2017). HSBC CIO Darryl West uses bank adopting cloud-first strategy. [Online] CIO UK. Available at: http://www.cio.co.uk/cloud-computing/hsbc-cio-darryl-west-says-bank-adopting-cloud-first-strategy-3655976/.
Enterprise Cloud News. (2017). Royal Bank of Scotland Banks On Cloud - Enterprise Cloud News. [Online] Available at: http://www.enterprisecloudnews.com/author.asp?section_id=560&doc_id=732701.
FCA. (2016), Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services. Available at: http://www.fca.org.uk/static/fca/article-type/news/fg16-5.pdf
FCA (2017), FCA Sector Views. Available at https://www.fca.org.uk/publications/corporate-documents/sector-views
Finextra Research. (2016). Tandem selects Fiserv Agiliti as IT backbone. [Online] Available at: https://www.finextra.com/newsarticle/28441/tandem-selects-fiserv-agiliti-as-it-backbone.
Finnegan. (2017). HSBC turns to Google Cloud for analytics and machine learning capabilities. [Online] ComputerworldUK. Available at: http://www.computerworlduk.com/cloud-computing/hsbc-turns-google-cloud-for-analytics-machine-learning-3655688/.
Finnegan. (2015). How Tesco Bank has adopted AWS cloud as ‘business as usual’ in eight months. [Online] ComputerworldUK. Available at: http://www.computerworlduk.com/cloud-computing/how-tesco-bank-has-adopted-aws-cloud-as-business-as-usual-in-eight-months-3629767/
FIS Global. (2017). [Online] Available at: https://www.fisglobal.com/EmpoweredClients/Atom.
Fiserv. (2017). Agiliti from Fiserv Fuelling Change in UK Fintech. [Online] Available at: http://investors.fiserv.com/releasedetail.cfm?releaseid=938273].
Fiserve. (2010). Tesco Bank Live on Signature Bank Platform from Fiserv. [Online] Available at: http://investors.fiserv.com/releasedetail.cfm?releaseid=532522
Foley. (2016). Global DNS outage hits Microsoft Azure customers| ZDNet. [Online] ZDNet. Available at: http://www.zdnet.com/article/global-dns-outage-hits-microsoft-azure-customers/
Gioia, D. A., Corley, K. G., & Hamilton, A. L. (2013). Seeking qualitative rigor in inductive research notes on the Gioia methodology. Organizational Research Methods.
Hirschheim, R., & Lacity, M. C. (1993). The information systems outsourcing bandwagon. Sloan Management Review.
Hon, W. K., & Millard, C. (2016). Use by Banks of Cloud Computing: An Empirical Study. Queen Mary School of Law Legal Studies Research Paper No. 245/2016. Available at SSRN: https://ssrn.com/abstract=2856431.
HP. (2017). HP News—Deutsche Bank and Hewlett-Packard sign agreement. [Online] Available at: http://www8.hp.com/uk/en/hp-news/press-release.html?id=1919059.
IBM. (2017a). Lloyds Banking Group Signs IBM Cloud Deal. [Online] Available at: http://www-03.ibm.com/press/uk/en/pressrelease/52569.wss.
IBM. (2017b). Scalable hybrid cloud infrastructure [online] Ibm.com. Available at: https://www.ibm.com/it-infrastructure/sa-en/hybrid-cloud/scalability/.
IBS Intelligence. (2015). Nutmeg moves back office ops in-house, goes live with new platform from Babel Systems—IBS Intelligence. [Online] Available at: https://ibsintelligence.com/ibs-journal/ibs-news/nutmeg-moves-back-office-ops-in-house-goes-live-with-new-platform-from-babel-systems/.
Intelligent Environments. (2016). The rise and rise of the challenger banks—Intelligent Environments. [Online] Available at: https://www.intelligentenvironments.com/the-rise-and-rise-of-the-challenger-banks
IOSCO, (2005), Technical Committee of the international organisation of securities commissions.
Judge. (2014). Microsoft confirms Azure outage was human error. [Online] DatacenterDynamics. Available at: http://www.datacenterdynamics.com/content-tracks/colo-cloud/microsoft-confirms-azure-outage-was-human-error/92880.fullarticle.
Kakabadse, N., & Kakabadse, A. (2000). Critical review—outsourcing: A paradigm shift. Journal of Management Development.
Keahey, K., Armstrong, P., Bresnahan, J., LaBissoniere, D., & Riteau, P. (2012). Infrastructure outsourcing in multi-cloud environment, in Proceedings of the 2012 Workshop on Cloud Services, Federation, and the 8th Open Cirrus Summit.
Badger, L., Patt-Corner, R., & Voas, J., Draft cloud computing synopsis and recommendations of the national institute of standards and technology. NIST Special Publication (vol. 146). [Online]. Available: http://csrc.nist.gov/publications/drafts/800-146/Draft-NIST-SP800-146.pdf.
Lacity, M., & Hirschheim, R. (1993). Information Systems Outsourcing; Myths, Metaphors, and Realities. New York: Wiley.
López, J A. (2004). Outsourcing by financial services firms: the supervisory response. FRBSF Economic Letter. http://www.frbsf.org/publications/economics/letter/2004/el2004-34.pdf
Manning, S., Massini, S., & Lewin, A. (2008). A dynamic perspective of next generation offshoring: The global sourcing and science and engineering talent. Academy of Management Perspectives, 22(3), 35–54.
Myers, M. D. (2009). Qualitative research in business & management. Sage Publications Ltd.
Myllykoski, J., & Ahokangas, P. (2013). Transformation towards a cloud business model. Communications of the Cloud Software.
Ohpen. (2012). Ohpen provides Robeco ICT platform—Ohpen. [Online] Available at: http://www.ohpen.com/ohpen-provides-robeco-ict-platform/.
Oracle.com. (2015). Hampden and Co. Selects Oracle FLEXCUBE on Managed Cloud Services to Deliver Superior Customer Service. [Online] Available at: http://www.oracle.com/us/corporate/press/2404861.
Prahalad, C. K., & Gary, H. (1990). The core competence of the corporation. Harvard Business Review.
PwC. (2016). Traditional Financial Services Firms fear almost a quarter of their business is at risk from Fintechs. [Online] Available at: http://press.pwc.com/News-releases/traditional-financial-services-firms-fear-almost-a-quarter-of-their-business-is-at-risk-from-fintech/s/f3f3dea5-cbf9-4b0d-aff2-164f418e6451.
Quinn, J. B., & Hilmer, F. G. (1994). Strategic outsourcing. Sloan Management Review.
Savvas. (2014). Monitise and IBM join forces to offer cloud-based mobile payment platform. [Online] ComputerworldUK. Available at: http://www.computerworlduk.com/it-vendors/monitise-ibm-join-forces-offer-cloud-based-mobile-payment-platform-3542146/.
Saxo Payments. (2015). Saxo Payments Teams Up With Oracle|Saxo Payments. [Online] Available at: https://www.saxopayments.com/saxo-payments-teams-up-with-oracle-10885.
Techflier. (2016). Top 20 High Profile Cloud Failures of All Time—Techflier. [Online] Available at: https://www.techflier.com/2016/01/25/top-20-high-profile-cloud-failures-all-time/
Temenos, (2013). [Online] Available at: https://www.temenos.com/en/news-and-events/news/2013/September/temenos-expands-the-availability-of-t24-on-the-azure-platform/.
Temenos. (2017). [Online] Available at: https://www.temenos.com/globalassets/mi/cs/cs-bco-capital-rapid-growth-with-t24.pdf.
Verner, J. M., & Abdullah, L. M. (2012). Exploratory Case Study Research: Outsourced Project Failure.
Hon, W., Millard, C., & Walden, I. (2013). Who Is Responsible for Personal Data in Clouds?
Willcocks, L. P., & Lacity, M. C. (1998). Strategic Sourcing of Information Systems. Chichester: Wiley.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix: Methodology
Appendix: Methodology
See Table 1.
This paper analyses data from the following four sources. For a sector specific view, we will adopt a qualitative approach by using interviews to gather primary data. According to Myers (2009), there are three types of interviews that can be used—structured, semi-structured, and unstructured. This paper will use semi-structured interviews since this format allows the researcher to be flexible about the questions and at the same time, respondents can provide additional details or opinions about their thoughts on the research questions. We believe that this will supplement the information gathered in the quantitative phase, thus enabling us to benefit from the advantages of the embedded mixed mode approach.
To ensure uniformity, “technology risk specialists” from each of the FCA sector’s were selected as interviewees. The interview questions are specifically focused on outsourcing, concentration risk and sector impact. Since the interviews are semi-structured, the respondents will be given sufficient time to elaborate on issues that are important to their sector. Although, there was no a hard stop, we estimate each interview to lasted for about an hour. The interviews were anonymized and transcribed to preserve the confidentially and integrity of the responses.
For the Retail Banks and Payments sector, we will also use anonymized inputs from the Retail Banking Supervisory Review, also known as the Dear Chairman Exercise (DCE-2014 follow-up), which sought to understand levels of technology resilience among the UK’s seven largest banks. This research will support the sector specific findings by using information from significant incidents reported by regulated firms. These incidents are logged into an FCA database that captures fields such as firm name, incident impact and the root cause. Due to the confidential nature of this data, the firm name and associated vendor information were anonymized. However, when such incidents are subject to media coverage, we used the available information from the media to corroborate our findings.
To examine the interview data, we adopted the process suggested by Gioia et al. (2013), which allows the researcher to systematically introduce methodological rigor into qualitative analysis. The approach involves three phases, which begins by grouping similar respondent quotes resulting in first order concepts. In the second phase, these first order codes are organized to identify relationships and correlations (second order concepts) that can be further distilled into overarching aggregate dimensions in the third phase. The advantage of this process is that it can provide a constructive data structure that presents the raw data in terms of manageable discussion themes—drivers of concentration risk and mitigation factors, which could be related back to the original descriptive codes from the interviews.
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Gozman, D., Machaiah, T., Willcocks, L. (2020). Cloud Sourcing and Mitigating Concentration Risk in Financial Services. In: Hirschheim, R., Heinzl, A., Dibbern, J. (eds) Information Systems Outsourcing. Progress in IS. Springer, Cham. https://doi.org/10.1007/978-3-030-45819-5_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-45819-5_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45818-8
Online ISBN: 978-3-030-45819-5
eBook Packages: Business and ManagementBusiness and Management (R0)