Will SBP’s Cloud Policy finally make financial services more efficient?

Years after the great cloud revolution, Pakistani financial institutions are finally set to enter the new age. The State Bank recently published the Framework on Outsourcing to Cloud Service Providers (CSPs), allowing its regulated entities to migrate to the cloud. In this piece, we will look at the main takeaways from the policy and the impact it will have on the local industry, both banking and IT services.

Banks/MFBs

What does the policy say? Banks, microfinance banks and the upcoming digital banks will now be able to outsource all their material and non-material (critical/private and non-critical/open) workloads to local CSPs. If they wish, they can also move their non-core data to international cloud platforms. 

Instead of building their own on-premise servers, banks can turn to reputable local CSPs for improved service quality and meet their urgent requirements for more computing power without going through lengthy and expensive procurement cycles. 

Pakistani banks have long faced issues with scale which causes service inconsistencies and bad customer experience. This could be greatly mitigated by mass level cloud adoption, which would allow for greater flexibility. Their digital assets, such as mobile or internet banking, can benefit from the additional scale available to handle increased customer queries and transactions. 

As a result, the cost of running an efficient infrastructure should also come down. This is because on-premises hardware is usually bought at certain points in time and often ordered in excess capacity since the IT departments want to make the procurement future proof, especially to avoid the hassle again. That and the dollar rate on imports makes the cost almost always non-competitive against the CSP offering, which mimics business needs and growth more closely. In a nutshell, new products and services can be tested and introduced with short timelines. 

EMIs and PSO/PSPs

Electronic Money Institutions (such as digital wallets like Nayapay) and Payment Service Operators/Providers (example: Safepay), who are inherently more digital, have been granted more flexibility. They can use international CSP’s for even their core services and to augment their businesses.

This means that the time to market for digital financial products and services can be cut short. By accessing the wealth of cutting edge services on international clouds, especially around AI and machine learning, more customer centric solutions can be created to further accelerate financial inclusion and push financial activity.

Many existing EMIs want to offer a wider range of digital services to customers around gaming, content services etc that currently do not exist in Pakistan. With the new policy, it’d be infinitely easier for them to integrate or collaborate with new partners.

On the governance side, EMIs have already been directed to have all the necessary departments fully staffed and audited by the SBP to ensure full adherence to guidelines enforced under the licensing regime which would allow them to meet all the requirements under the policy document.

Domestic CSPs

Domestic CSPs have long been talking to the SBP about allowing local banks and financial institutions to host their critical systems on local clouds with assured security and compliance guidelines and controls. The financial sector, especially the banks, has traditionally been the biggest spenders on IT products and services and spent over Rs6.1B on hardware in 2021. 

Hence, their participation in cloud is key to the growth of domestic IT services players, including CSPs. However, banks and FIs have been unsure on regulations related to the use of local CSPs and continued to operate in a gray compliance area. This resulted in very basic or small deployments. With the clarity in the new policy, CSPs that comply to significant standards, such as ISO, PCIDSS, GDPR among others, can target banks with advanced services which will also lead to the growth of local CSP’s and the introduction of cutting edge services driven by the bank/FIs’ needs.There are already quite a few local players that have the infrastructure as well as the controls to fully take advantage of this opportunity.

The State of On-Premise Infrastructure in Pakistan

On-premise is getting more difficult to maintain due to the reliance on operational mechanisms in Pakistan. The cost of power, availability of human resources as well as that of building out the necessary infrastructure is increasingly making on-premises deployments an inefficient option. 

If we take the scenario today, with the sharply rising cost of the dollar and difficulty of availability and import of servers, banks and FIs need not concern themselves with such a heavy part of operations especially if it’s not their core business. This on-prem infrastructure rarely mimics current needs and are usually bought at scale assuming future needs that may or may not be there due to evolving software components and their associated efficiencies.

To be honest, as someone who’s been in this field for more than 18 years, banks take their on premises infrastructure as a show of strength and boast about the size of their data centers and quantity of servers that reside in it. The assumption is that the larger or more successful the bank, the more expensive its infrastructure will be. In more developed markets, complexity and quality of services have little to do with cost and cloud services are used to deliver efficient, future forward products and services at a fraction of the cost.

Given the current stress on the dollar and the need for reduction on expensive imports, I think this policy is very timely and can greatly reduce individual banks’ dependencies on importing similar hardware for similar services if CSPs are used properly.