The document summarizes a presentation about managing cloud risks and APRA regulatory requirements. It discusses how digital disruption is impacting financial services through companies like Alibaba. It defines cloud computing and outlines the 8 risk domains and new paradigm it introduces. It summarizes APRA's regulatory standards regarding outsourcing and data management. Finally, it encourages utilizing the APRA framework to understand cloud risks and opportunities to make effective decisions regarding digital disruption.
4. Mobile devices have changed the way business engages with customers
Digital Disruption - Products
GPS systems
Landline
Telephones
Dictionaries
Encyclopaedias
Gaming
Torches
Blackberry
Music
players
Photo
processing
6. Big Data
Single Ecosystem
Unbundling
Digital Disruption – Financial Services
Alipay:3rd party and mobile wallet payment platform
• 300 mill real name users (triple the size of Paypal)
• 80 mill transactions/day
• 37mill small businesses buy and sell
$537bill in transactions on it’s platforms in 2014.
Partners with 65 financial institutions.
Yu’ebao: money market fund
• $128bill under management
• 185mill users
Zhao Cai Bao:
• peer to peer lending - $55bill invested
Mybank:
• all-digital bank
• open 24/7
• no physical branches
• only 300 employees
• cloud computing
Sesame Credit:
• Online credit scoring platform
eBaoTech: Cloud Insurance Platform
• 1000 staff focussed on insurance tech
8. Lucy Peng,
CEO Alibaba
“We have an opportunity
to use internet methods,
internet technology and
internet thinking to disrupt
traditional finance.”
9. Cloud Definition
“vast computing resources will
reside somewhere out there in the
ether (rather than in your computer
room) and we’ll connect to them
and use them as needed.”
- Jonathan Weber (The Times Online)
12. ► New risk and security paradigm
► New cost models
► New skills required
► Changed operating models
► Vendor management focus
► Data management focus
► Regulatory approval
Cloud: a key Enabler
Integration
Reduce costs
Increase Productivity
Facilitate collaboration
Data and Insights real time
New ways of working
Self service for customers
Speed to market
Ease of interaction
Mobility. Devices and location
Increase competitiveness
Seamless customer experience
Moving to the Cloud brings
and
13. APRA: Requirements of the Regulator
APRA approval for material outsource activity
● Notify APRA early
● Preservation of the quality of data and information
● Continue operations following loss of service
● Compliance with Prudential standards
Key Insights:
Ensure risks are understood and managed
14. APRA: Standards and Guidelines
● Outsourcing and offshoring (ref: CPS231 and PPG231)
● Managing data risk (ref: CPG235)
● Business continuity management (ref: CPS232)
● Pandemic Planning (ref: CPG233)
● Security risk in IT (ref: CPG234)
Relevant to Cloud and IT:
15. “Risk management practices, including risk
identification and mitigation techniques, are
still maturing for these types of arrangements.”
APRA Outsourcing Information Paper.
6 July, 2015
16. Cloud: 8 Risk Domains
STRATEGY AND
SOLUTION
PROJECT
DELIVERY
IT SECURITY
& DATA
MANAGEMENT
GOVERNANCE
RISK &
COMPLIANCE
OPERATIONS
VENDOR
MANAGEMENT
RESILIENCE
APPLICATION
& DATA
MIGRATION
17. Cloud: New Risk Paradigm
Insights:
RFP and vendor selection criteria
Transition Out conditions
Short term contracts
OPERATIONS
Insights:
IT operating model impacts via RACI
Cloud specific operational processes
New skills and capability
VENDOR
MANAGEMENT
18. …..establish confidence to become cloud ready
What we do
18
Compliance
and
Regulatory
Approval
Cloud Operating
Capability
& Maturity
Aggregated
Cloud Risk
Profile
Solutions to
Close Gaps
Maturity
Uplift Ready
for Cloud
19. In conclusion
Utilise the APRA regulatory framework.
Know your cloud risks and gaps.
Approach your cloud journey with confidence.
It’s just good practice
Digital disruption will accelerate.
Know your opportunities and risks, to make effective decisions.