Financial Institutions in Taiwan Going for Cloud with FEC’s New Law
After the Financial Supervisory Commission (FEC) promulgated the draft amendments of “Regulations Governing Internal Operating Systems and Procedures for the Outsourcing of Financial Institution Operation” in the open hearings in 2019, the financial services industry in Taiwan has entered a new era for cloud adoption. Financial institutions worldwide have also been adopting AWS services over the years. Cloud platforms and infrastructure can provide a scalable and adaptive infrastructure for fintech, open banking, blockchain, and digital bank, enabling these emerging financial institutions to focus on building their business solutions.
This newsletter summarizes how financial institutions in different countries have used AWS to provide better services and how these companies have benefited from the cloud to innovate their operational processes.
Digital Bank & Open API
In many countries, digital banks can outsource different functions and such as KYC, payment processing to third-party vendors. These partners can build their solutions on the cloud to create a seamless digital financial ecosystem. With this operating model, financial institutions can build a secure and scalable innovation platform on AWS to meet regulatory requirements while developing new business models.
These emerging financial service providers with banking licenses are sometimes called “challenger banks” because of their focus on modern FinTech practices comparing to traditional banks. UK’s Monzo is one of the most prominent “challenger banks”, with more than 400 micro-services deployed on AWS. Their services enable its 1.7 million users to quickly perform operational tasks like fund transfers, freeze and unfreeze lost cards, and other services.
AWS Open API is a flexible solution built for such ecosystems that can be integrated with existing systems or new serverless and microservice banking technologies. Financial companies can use API Gateway on AWS to connect with application APIs of third-party vendor programs, as shown in the following figure:
Financial institutions often need to store and process a large amount of data to achieve compliance/regulatory requirements and conduct business analysis in order to provide better services. To achieve such goals, companies would have to collect and store structured data (CRM and transaction data) as well as unstructured data (chat record translation, social media, and mobile interaction records), and because of the large volume, the data collection process needs to be scalable and fast for the companies to achieve operational efficiency.
Financial institutions can build data lakes in Amazon S3, and store structured and unstructured data into S3 through batches or API. When performing analysis, data stored in S3 can be copied into Amazon Redshift or connected to Amazon Athena and Amazon Quick Sight for data query and analysis.
National Australia Bank (NAB) also deployed their data lake on AWS to ingest data from hundreds of data sources. With cloud deployment, NAB is able to access data in real-time via API, and load the data into various AWS or external services.
Data lakes can be used to train AI/ML models to perform tasks such as money laundering prevention and fraud detection. IT staff can use tools such as TensorFlow, MXNet or PyTorch to create their own ML model from scratch, or adopt Amazon SageMaker on AWS to train ML models by combining data lakes, selecting suitable algorithms, training, and calibrating models. If financial institutions without AI/ML experience wish to perform fraud detection services through machine learning, they can consider adopting the Amazon Fraud Detector released at the AWS re:Invent 2019 conference, a tool to build and deploy high-quality fraud detection ML model quickly.
Financial Industry Regulatory Authority (FINRA) from the US, for example, implemented its transaction monitoring on AWS ML services. With the highly scalable infrastructure, they can quickly process hundreds of millions of data to monitor stocks and option trading events to quickly identify activities in the financial markets.
Information Security and Compliance
In the financial services industry, financial institutions must not only address the threats and loopholes faced by their operations but also develop their cybersecurity posture in line with their regulatory environment.
In AWS, security and compliance is a shared responsibility between AWS and the customer. This shared model can help relieve the customer’s operational burden as AWS operates, manages, and controls the components from the host operating system and the virtualization layer down to the physical security of the facilities in which the service operates.
In short, AWS is responsible for “Security of the Cloud”, including protecting the infrastructure – hardware, software, networking, and facilities – that runs all of the services offered in the AWS Cloud, while the customer is responsible for “Security in the Cloud”, including customer data encryption, applications, IAM authority control, etc.
Information Security-related services on AWS
- Amazon CloudWatch: Real-time monitor of AWS resources, including EC2 Instance, EBS, and S3 Bucket. These AWS resources automatically provide metrics such as CPU utilization, latency, and a number of requests.
- AWS Cloud Trail: Automated tool to record, monitor, and retain events related to API calls throughout the AWS infrastructure.
- AWS Guard Duty: Threat detection service that continuously monitors malicious or unauthorized behavior to help you protect your AWS account and workload. It can monitor activities, such as unusual API calls or potentially unauthorized deployments.
- AWS Config: Evaluation tool for AWS resources configuration. AWS Config continuously monitors and records your AWS resource configuration and allows you to automatically evaluate records based on the required configuration.
- Amazon Macie: Automatic detection and protection tool of confidential data in AWS through machine learning.
- AWS CloudHSM: A cloud-based hardware security module that allows you to generate and use keys on AWS.
- AWS Artifact: Auto-generated compliance reports on AWS, which can be used for company audit or evaluation. Businesses can also use the AWS Compliance Center to inquire about the relevant regulations and questions and answers of financial companies in various countries on AWS compliance.