No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

How the EU Can Usher Its Financial Firms into the Modern Era

The Dichotomy Between SaaS Adoption in the U.S. and Europe

by Alex Viall
September 14, 2020
in Featured, Financial Services
software as a service (SaaS) technology concept on virtual screen

Behavox’s Alex Viall explores differing views toward adopting cloud-hosted software by financial services companies in the U.S and EU. Alex examines regulatory and cultural differences, predicts consequences, and suggests an alternate path forward for an industry always striving to remain competitive.

Over the past decade, software-as-a-service (SaaS) solutions have become all the rage. Or so you would think. Closer scrutiny of the traditional financial services market, most notably in the E.U. when compared to the U.S., suggests a very cautious approach to adoption. As the pandemic ushers in a wave of economic challenges, European businesses should embrace SaaS as a more resilient infrastructure for both customers and employees alike.

SaaS is part of a subset of services that live in the cloud, which is used to enable ubiquitous, convenient and on-demand network access to a shared pool of configurable computing resources. This system allows for the swift building of an infrastructure to host numerous applications that can be quickly delivered to the customer. The cloud hosts service models including SaaS, platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS). SaaS, PaaS and IaaS are all subsets of cloud software similar to how cars, trucks and motorcycles are subsets of vehicles.

SaaS is not a new phenomenon. It is a modern, efficient method to supply online applications and services to customers. Retail consumers are regular beneficiaries of SaaS, but its adoption by the corporate customer is just barely becoming mainstream in some E.U. regions.

Salesforce Started the Gold Rush in California – the Rest of the U.S. Quickly Followed

Salesforce epitomizes the pioneering and disruptive approach U.S. corporations took in delivering cloud-hosted service applications, a movement that began 20 years ago and has taken hold at all levels of corporate life. SaaS provides several benefits, such as agility and lower infrastructure costs.

One of its most significant benefits is remote access to corporate environments, enabling speed, creativity, collaboration and continuous service. It obviates the extra burden of on-premise housing of applications and data that carry heavy hardware investment, installation and on-site maintenance, not to mention the limitations of fixed infrastructure that cannot be upgraded instantly like cloud-based provisioning.

The territorial battles between cloud computing giants demonstrate the value and potential of the cloud service opportunity across corporate America. Microsoft, Amazon Web Services (AWS) and Google are trading punches to control the top spot as this market continues to expand.

The most notable converts to cloud computing and the various service applications it enables have been regulators and associated government bodies, as well as some unlikely banking organizations with large retail customer bases. The best example of an early adopter is the Financial Industry Regulatory Authority (FINRA) in the U.S. An SEC-appointed agent, FINRA regulates and supervises all registered broker-dealers in the U.S. and has been a committed and vocal proponent of the cloud and the advantages it offers for some time.

There is no more powerful endorsement of trust in cloud-stored data than knowing your own regulator holds highly sensitive reports submitted by the firms that it regulates off-premise and in shared data locations around the country. The U.S. agent has set an example for the American financial services industry, validating the embrace of cloud-stored data systems, establishing a precedent that has been followed closely by many of the firms it regulates.

The European Laggards

Across the pond, the option to host data in the cloud continues to be met with serious reluctance. Though the most stringent, exacting regulator of the U.S. has publicly promoted using the cloud and its beneficial services, companies in the E.U. remain hesitant and slow to implement such solutions. It can be argued that European firms are preventing their own financial services industry from fully entering the modern era by impeding institutions from maximizing collaboration and efficiency and hesitating to embrace SaaS.

There are a variety of explanations for the differences between the two regions. One is purely cultural and historical, driven by the advanced foothold the technology industry has held in the U.S. For decades, the country has been a fertile ground for technology innovation and business startups. This pre-eminence rubs off on other industries that rely on technology to grow and compete.

The harsh reality is that E.U. firms’ willingness to incorporate SaaS solutions is not going to change overnight.

Where on Earth is my Data?

The General Data Protection Regulation (GDPR) became effective in May of 2018. It governs data protection and privacy for the E.U. and the European Economic Area. After an initial flurry of activity from businesses rushing to comply, industries entered a honeymoon period where they observed how their own “local = national” data protection authorities (DPAs) interpret and apply GDPR. As enforcement cases start to rise, businesses have begun to understand what sort of compliance breaches are deemed intolerable on a case-by-case basis, as well as the size of fines attached to these enforcements.

In some cases, penalties have been significant. The top six fines since 2018 total nearly €500 million.

  • British Airways – €6 million
  • Marriott International Hotels – €3 million
  • Google Inc. – €50 million
  • Austrian Post – €5 million
  • Deutsche Wohnen SE – €5 million
  • 1&1 Telecom GmbH – €5 million

This complex and considerably harsh regulation across the E.U. has instilled a sense of trepidation within financial services firms. It is likely that European institutions fear cloud-based solutions intruding into strict data sovereignty issues within GDPR.  

Welcome to the Balkans

Complying with national data protection requirements adds new complexity to GDPR. Financial services businesses that have extensive branch and office networks across the E.U. must house and handle the data they capture with extraordinary care and also represent the individual identity and idiosyncrasy of the country from which it emerges (based on residency). In Poland, certain data held by financial institutions must only be viewed and handled by nationals of that country. Germany and France also have extremely stringent applications of the core tenets of GDPR, which makes it incredibly difficult for global businesses to adopt a centralized approach to the capture, storage, processing and handling of their data. The impact has led to a “balkanized” structure that has significantly obstructed the adoption of widespread cloud-based applications. The variation in national regulation makes it quite difficult for the E.U. to embrace technology in a streamlined, succinct manner.

History Plays its Part

There have been compounding factors fuelling the mistrust of cloud storage in Europe. First, providers were perhaps not as aware of the issue as they should have been. Second, the establishment of data centers in each national location was not a high priority.

Furthermore, regulators have not been as overt in promoting the use of the cloud and its flexible software service models as they have in the U.S., and some would argue they have discouraged it with excessive, indirect scrutiny of outside vendor relationships, slow reform of rulebooks to accommodate cloud provision and continued debate about the exposure to such a concentrated market structure that might be viewed as an oligopoly (e.g., AWS, Microsoft, Google) through the anti-competitive lens of the E.U.

While we are on the subject of competition, it is worth mentioning that many of the larger financial institutions one would expect to forge ahead – striving to improve margins and compete in their own space by utilizing the cloud and its services models – are paranoid of the cloud companies themselves, viewing them as future competitors in their own backyard. Amazon is, in this sense, a company some large European banks have actively avoided supporting.

Don’t Underestimate the Technology

The final driver in the disparity across regions is the talent, capability and experience required to work in remote, decentralized work environments due to COVID-19. Compliance and IT departments need to quickly become more comfortable with the sophistication required to properly handle and govern data in the cloud. What’s more, firms must be able to explain this swift transformation and demonstrate a full audit trail to regulators and other third parties. The U.S. simply has more experience and a deeper bench of knowledge when it comes to the technological talent required. Europeans are more comfortable knowing that their data is “in the building.” The past six months have exposed the limitations of this approach. It’s akin to wanting to keep all of your money under your mattress.

This gap in attitude and regulation will continue to shape a landscape where the European consumer can expect personal data to be protected to the highest possible standards, but this protection comes at the expense of the competitive capability of European enterprises, who will find it increasingly hard to contend with their counterparts in the U.S. (and indeed Asia).

The Answer? Run, Don’t Walk

While the E.U.’s careful navigation of the changing cloud technology landscape is understandable, its reliance on the status quo and playing regulatory defense will leave its financial institutions struggling to keep up with U.S. and Asian counterparts. In order for some of the world’s largest financial districts – London, Paris, Frankfurt, Copenhagen, Milan – to maintain cutting-edge currency and wade through the uncertainty of the pandemic (and subsequent remote work), the E.U. will have to work toward embracing the cloud and SaaS business models in the years to come.

Looking ahead, it will be extremely important to consider creative ways to promote the benefits of cloud applications and software service models to Europe. While the E.U. will always face specific cultural barriers when considering new technologies, one way to normalize cloud-hosted service models would be to have one of its main regulators or government bodies utilize cloud technologies, similar to that of FINRA in the U.S. If an entity with vast influence were to embrace these technologies, the entire continent should soon follow suit and normalize these agile advancements while witnessing its offerings first-hand. SaaS can alter an organization from the inside-out, which is why financial firms in the E.U. should run, not walk, to embrace such a flexible solution during this unprecedented time.


Tags: Cloud ComplianceFinTechGDPRTechnology
Previous Post

Critical Lessons from the Volkswagen Scandal

Next Post

Live Updates from SCCE’s Now-Virtual 2020 Compliance & Ethics Institute

Alex Viall

Alex Viall

Alex Viall is Head of Regulatory Intelligence at Behavox. Alex has more than 30 years of compliance and regulatory experience in the United Kingdom and United States. His journey from regulator to compliance officer to regulatory entrepreneur makes him a rare commodity. He understands the financial regulatory space intimately, playing an important role as a regulatory knowledge base for our teams and customers alike. Alex began his career as a regulatory supervisor for the U.K.’s Financial Services Authority (FSA), before becoming an investment bank compliance officer. He later founded Complinet, a software business that provided a compliance platform for governance, risk and compliance, before it was ultimately acquired by Thomson Reuters in 2010. At Behavox, he serves as a consultative partner for customers. He also manages Behavox’s thriving community of compliance practitioners, which shares best practices and benchmarking to meet the highest regulatory standards. Alex holds an L.L.B. from the University of Bristol.

Related Posts

eu flag

Preparing Your Company for the Latest GDPR Data Transfer Developments & Upcoming Deadlines

by Kevin L. Coy
November 30, 2022

An EU court decision and legislative moves in the U.S. and UK make compliance with privacy regulations increasingly difficult. Arnall...

minidata_b

Honey, I Shrunk the Data: How to Keep Customer Info on a Need-to-Know Basis

by Parker Poe
November 30, 2022

It may be tempting to hoard the data you have gathered on your customers, but an increasing number of regulations...

data spillage

Instead of Crying Over Spilled Data, Shore up Your Governance Practices

by Rich Hale
October 12, 2022

The reputational damage and compliance failures that result from a data spillage incident are well-known, and as the volume of...

uk ico data access

UK’s Data Protection Regulator Signals Crackdown on Access Request Violations

by Jonathan Armstrong and André Bywater
October 5, 2022

Data privacy laws in the EU and UK established the right of individuals to find out what personal information organizations...

Next Post
rock it man entertainment at scce virtual happy hour

Live Updates from SCCE's Now-Virtual 2020 Compliance & Ethics Institute

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT