Bank of America and IBM have worked to create a public cloud that has security, privacy and bank-specific regulatory compliance built in, the computing giant announced Wednesday.
Governance, risk and compliance consumes about 20% of the operations costs of most major banks, Bridget van Kralingen, IBM's senior vice president for global industries, clients, platforms and blockchain, told American Banker. For that reason, she said, banks have been reluctant to move their production workloads to public cloud providers.
Bank of America has worked to consolidate its infrastructure footprint as part of an internal cloud strategy. But CEO Brian Moynihan, in an October earnings call, said third-party cloud providers are 25% to 30% cheaper. At the time, Moynihan said the bank was negotiating with potential providers.
High-profile breaches such as this summer's Capital One data leak have piqued regulators' attention and heightened pressure on banks' cloud partners, such as Amazon Web Services (AWS) in the Capital One case.
IBM began working with Bank of America on the public cloud platform 18 months ago, Hillery Hunter, chief technology officer of IBM Cloud, told CIO Dive. The platform's data security and resiliency standard is safe for its 66 million customers, Hunter said in a sentiment echoed by Cathy Bessant, Bank of America's chief operations and technology officer.
"By setting a standard that addresses the concern of hosting highly-confidential information, we aim to drive the public cloud to a safety level that is unmatched," Bessant said in the press release.
Bessant said her bank's foray into the cloud began as an exercise in efficiency. Bank of America once had 200,000 servers and 60 data centers but now has 70,000 servers and 23 data centers, she said.
The bank spends $2.1 billion less per year on infrastructure than it did in 2012, largely because of the private cloud, she said, adding that the public cloud will eventually become the most cost-efficient option.
"While the economics [of an internal cloud] are great today, they're not going to be great forever for us," Bessant told American Banker.
She said the bank would not use a public cloud unless the cloud provider's controls matched the "cocoon" of controls the bank placed around its own internal cloud in the areas of security, privacy and compliance.
"Our customers because our customers expect it, and regulators are growing their focus on this," she said.
Promontory Financial Group, IBM's regulatory compliance arm, said it intends to keep the platform's compliance load up to date as regulations change. That includes building into the cloud a compliance with international rules, such as Europe's GeneraI Data Protection Regulation.
The regulatory concerns of the financial services industry extend to "not only a bank, but also their responsibility for their third-party providers," Hunter said.
Bank of America's partners can use the platform "to enable the creation of a stack that is compliant by design for them," Bessant said. "Today some of the midsize and smaller financial institutions have a hard time putting together a compliant-by-design stack because they don't have the leverage individually," she said, according to American Banker.
Landing Bank of America is a big win for IBM, which held a 1.8% share of the public cloud market in 2018, trailing AWS, Azure, Alibaba and Google Cloud. The computing giant can highlight the platform as it looks to expand further with banks. IBM already has "extensive partnerships" with Santander and Bank of the West, among other financial institutions, Hunter said, and relationships with 10 of the "largest financial institutions in the world," according to the announcement.
"We have looked each other in the eye numerous times during all of this and said this could revolutionize a lot of the way we think about technology that supports all of our development and our production," Bessant said.