IBM RegTech Innovations

The cloud advantage: Three approaches for implementing cloud for risk management

Share this post:

Compared to traditional data centers, I believe that cloud computing has several characteristics that make it an attractive platform for risk management. First of all, the compute requirements for risk management can vary over time. Cloud provides the ability to scale up resources during peak periods and scale them back down when they are not needed. For example, typical market and credit risk implementations involve large simulations that require a large number of cores on a nightly basis. Similarly, banks with asset liability management, and insurance companies running strategic asset allocations against liability cashflows, also have simulations that have signification computational requirements but may run on a less frequent basis (e.g., weekly, monthly, or quarterly).

A second cloud characteristic that is appealing for risk management is the capacity for allocating a very large number of cores to a job. Whereas data centers are limited by their maximum capacity, clouds provide the ability to scale far beyond the size of a typical data center.

A third characteristic of cloud that is especially relevant for risk management is the charge metrics. Cloud computing typically uses a “pay as you go” model based on utilization. In other words, you pay for what you use. Given the cyclic nature of risk simulations, this means that organizations can align costs with operations and help avoid the problem of “peak provisioning.” Combined, the second and third characteristics should prompt firms to rethink the trade-offs between cost and performance. The trade-offs represent an efficient frontier – firms can now use cloud to select new optimal points.

Given the benefits of cloud for risk management, there is one question that everyone is asking: how do I get to cloud? Obviously, everyone’s situation is slightly different but we have found that the “hybrid cloud” approach is ideal for many financial institutions. In hybrid cloud, the organizations can run a majority of the risk system in their own data centers but run the computational, expensive parts on cloud.

Many institutions have spent years implementing or developing their risk systems, customized to meet specific business requirements. Hybrid cloud implementation helps firms to preserve the customizations while still gaining the scalability benefits of cloud computing. In many cases, a straight ASP or SaaS model is not a viable option either because they don’t support hybrid cloud and can’t be tailored to address client requirements, or the expense of those customizations undermines the cost advantages of moving to cloud.

A second possible approach is to procure virtual machines (or bare metal servers) from a cloud provider. Under this scenario, the servers in the cloud can be used to run select components of the risk system. Although this approach allows firms to break out of the constraints of existing data centers and address scalability, it can require a significant IT investment to manage the entire process in a production environment. For example, IT has to create and maintain cloud enabled images of software components, manage horizontal scaling, define and implement methods for starting and stopping processes, build APIs for invoking jobs, and more.

IBM has taken a third approach to supporting hybrid cloud for risk: developing microservices that perform basic operations essential to risk management such as pricing and simulation, scenario generation, and portfolio optimization. These microservices are encapsulated in RESTFul APIs which are designed to be integrated into existing risk workflows and which allow firms to migrate computational expensive calculations to cloud. Because the microservices cover atomic operations like instrument valuation, solutions can take advantage of the scalability of cloud while retaining key customizations as part of the on-premises workflow. Furthermore, the microservices are designed to not require any IT support because IBM handles all those activities behind the scenes. An additional IT support service contract is not required for the microservices.

For example, IBM regularly rebuilds the Docker images for the services where known security vulnerabilities are addressed, manages the Kubernetes cluster to provide horizontal scalability, performs regular testing to make sure the services have acceptable response times, ensures the services are fault tolerant, and provides encrypted storage for client data. As a result, new instances of the services can be deployed, usually in a matter of minutes which can lead to several additional benefits. First, it reduces the implementation time because there is no need to build IT processes to manage cloud resources. Second, it allows the services to be integrated into new workflows that fall outside the scope of traditional risk management but still require the same analytics (think about wealth management or performing a one-time analysis.)

The target architecture of the future for all risk solutions will likely involve cloud. This is driven by the large volumes of hardware required to run risk simulations and by the fact that these simulations run periodically, for example, daily. When the simulations are not running, the hardware requirements are significantly less, typically by several orders of magnitude.

The requirement for dynamic scalability, coupled with cloud’s typical “pay as you go” model, make it a very attractive platform for risk systems. However, getting there can have challenges. As a first step, many firms will adopt a hybrid cloud approach. Compared to alternatives, I believe that IBM microservices provides a practical and cost-effective way to start the journey to a cloud architecture.

To learn more about more about leveraging cloud for financial risk management, register for our webinar “IBM RegTalk – The cloud advantage for financial risk” taking place on June 19th, 2019. The session will feature a discussion on the power, breadth and flexibility that cloud can bring to financial institutions and innovative new cloud API technology from IBM. For more information and to register, click here.

Director of Research, Innovation & Financial Engineering - Financial Risk

More IBM RegTech Innovations stories

IBM in “Leaders” Quadrant of 2019 Gartner Magic Quadrant for IT Risk Management, fourth report in a row

Our goal has always been to provide our customers with the tools and insights that help them meet their governance, risk and compliance (GRC) needs, and we do so, by leveraging the innovation of IBM within a single ecosystem. It’s gratifying to see IBM once again positioned in the Leaders Quadrant of the 2019 Gartner […]

Continue reading

Survey shows that tools with strong user experience are key to better risk management across the enterprise

Today, risk-awareness and risk averse behavior is the responsibility of everyone in the firm, so staff need to be able to engage in the common goal of regulatory compliance. In the current complex regulatory environment (see Figure 1), and with growing costs associated with reporting, Know Your Customer (KYC), sanctions and the like, it is […]

Continue reading

What customer complaints can tell you about your experience (and your compliance)

Until recently, the words “customer experience” and “compliance” didn’t really come up in the same conversation – let alone exist in the same universe. The former was the domain of customer care professionals, contact center managers, marketing leaders and digital strategy teams with the goal of helping streamline and simplify products and services, as well […]

Continue reading