Sign up for free newsletter


George Kaye, Derivitec

The impact of the cloud on risk management

By George Kaye, Derivitec – Much has been written about the cloud and its impact on the financial industry, yet still the ‘cloud’ remains as nebulous a concept (pardon the pun) as Big Data or Artificial Intelligence. Nonetheless, the cloud is indeed one of the most important, if not the most important, technological innovations of this century. Naturally, as someone who has formed an entire business leveraging the near limitless potential of the cloud for effective risk management, I might be expected to hold such a view, but in this short article I will attempt to justify it. I hope, by the time I’ve finished, you’ll be as awe-struck with the power of the cloud as I am.

The cloud IS risk management

The cloud, in a word, is about resilience. When you upload your thousands of can-never-ever-be-deleted holiday snaps to the iCloud, you do so because you absolutely must never, ever, EVER, lose them. The cloud takes your photos of you facing left to the sea, and you facing right to the sea, backs them up, and replicates them so that if, woe betide, your phone falls out of your pocket when you’re, coincidentally, by the sea, they are securely stored, for ever (or until you decide to delete them (perish the thought)). Now let’s apply this idea, somewhat less frivolously, to what you need as a risk manager.

First, you need data, and a lot of it. You need market data, at least end of day, but often live, usually over multiple asset classes, and you need it distributed to multiple users, spread across the world. The traditional solution to this problem was to go to an incumbent vendor and pay heavy fees for much more data than you actually need. In providing companies with an easy way to store and distribute data securely, the costs of data acquisition have fallen markedly. 

We are now moving in the direction of the so-called ‘market data market-place’, as exemplified by such companies as Xignite and Quandl, where users can subscribe to exactly the data feeds that they need, at a cost in line with their usage. Whilst the models of the two companies are rather different, the building blocks are the same. 

Across the world, financial data companies are acquiring data, validating it, storing it robustly and distributing it securely, without having to pay the heavy hardware costs of an on-site data centre. Those cost savings are passed onto you, the consumer. Of course, the usual headache of exchange fees persists, but at least now you’re paying for what you actually need, and can pay more when you need more. Indeed, it might even be argued that the increase in choice of affordable data sets can actually improve the reliability of data used, as the reliance on a single provider has been eliminated. 

But of course, you, the risk manager will also need to run reports as of some point in the past. So, the data used need to be stored. With the advent of no-SQL databases such as MongoDB, you can create a resilient, properly managed database, replicated across the world, in nothing more than the time it takes to set up an account at say, MongoDB’s Cloud Manager. Amazon Web Services (AWS), as a case in point, has done a great job of linking together different cloud architectures to operate seamlessly within its own environment. 

If you want to store your market data for post-hoc analysis, all you need to do is open an account at AWS, apply the security credentials to your MongoDB Cloud Manager account, and voila, you can now deploy a horizontally scaled, geo-replicated, periodically backed up database in AWS in minutes. Your market data is now resilient. And because the cloud has opened up the space to a much wider range of vendors, its quality is probably better too.

The same applies to SQL databases, where the relation between data sets needs to be applied explicitly. A case in point is something like a portfolio structure: which books sit where, who owns them, what’s inside them, who the counterparties to each trade are, etc. You can spin up an encrypted SQL database of your choice through the cloud portal, and set it up for failover and replication as per no-SQL. Gone are the days of potential loss of books and records through hardware failure, and with that comes a radically improved security model which will greatly help in security and regulatory audit.

So, your data model is now resilient, from market data to portfolio and client data. But now you need to do stuff with it. You need to calculate reports, run analysis, compute value-at-risk, control risk limits, etc. Suppose you’re an expanding fund. The complexity and size of your portfolio will probably expand in line with your AUM, but do you have the technology to deal with it? 

Suppose you’ve been running everything on in-house servers. Now you have to buy more servers and figure out a way of parallelising computation between them. With the cloud, resources are innately scalable. With the right technology (hint, ours) virtual machines can be spun up and down automatically in response to your needs. Should one server fail for some reason, another one will automatically be spun up to take its place. All of which means that you, the risk manager, will be able to compute your reports, whenever you want, regardless of the size and complexity of what you need to calculate. In short, your entire reporting framework is now resilient.

In fact, the whole model goes deeper still, as with the advent of things like AWS’s Cloud Formation, your entire cloud architecture can be re-created at a touch of a button. Data, services, backup processes, applications, the lot, in a data centre of your choice. You can now literally obliterate your entire risk infrastructure and re-create it in minutes. In other words, your entire risk operation is now without operational risk. 

And finally, the cloud is in a constant state of development, as the rival platforms compete for market share. Services can now be scaled in seconds, rather than minutes. New technologies, be they block chain or so-called AI (machine learning, to give it its proper title) are being integrated seamlessly into the range of services available, allowing you to benefit directly from these innovations the moment they upgrade. Which means that not only is your infrastructure de-risked to the present, it’s an active participant in the future too. Now isn’t that what risk management should be all about? 

I hope I’ve made you as excited by the power and potential of the cloud as I am. If you’d like to learn more about what the cloud can do for you, feel free to email me, George Kaye, at Thanks for reading!

other gfm publications