The event gave me a sense of nostalgia for my time in the FinTech and payments industry. Before starting Apper.ph, I worked for Voyager Innovations, the digital arm of PLDT/SMART, for almost five years. I lead the architecture, implementation, and platform engineering teams of the payment gateway services of PayMaya’s payment acceptance business unit on top of AWS. The payment gateway service of the business unit grew over the years, processing billions of pesos worth of payment throughput. I am very proud that even after six years since I first worked on it, the service is still growing and is considered the country’s preferred online payment gateway service.
Fast forward to 2021; the cloud is the go-to platform for building digital innovations. If the question for most companies previously is “what is the cloud?” it is now “how do I get started?” There is no doubt cloud computing platforms provide the agility needed to implement, deploy, and manage digital applications and platforms. But for companies in the financial services industry, the use of the cloud requires thoughtful considerations to comply with regulations.
BSP Compliance and Considerations
If you are a financial institution, FinTech, or financial services company operating in the Philippines, there are a couple of considerations that you need to take into account before moving workloads into the cloud:
1) Bangko Sentral ng Pilipinas (BSP) regulated entities, such as banks, non-bank financial institutions, and electronic money issuers (EMI), need to inform and get approval from BSP before moving workloads into the cloud. The IT Risk Management Standards and Guidelines concerning IT Outsourcing/Vendor Management guide outlines explicitly what type of workloads can be hosted on which variety of cloud platforms:
| Workload | Public Cloud | Private Cloud | Community Cloud | Hybrid Cloud |
|---|---|---|---|---|
|
Core operations |
Not allowed |
Allowed* |
May be allowed |
May be allowed |
|
Non-core operations and business processes |
Allowed* |
Allowed |
Allowed |
Allowed |
| Deployment Model | Description |
|---|---|
|
Private Cloud |
A private cloud is operated solely for an institution and is closely related to the existing IT outsourcing models in the marketplace, but can be an institution’s internal delivery model as well. |
|
Public Cloud |
A public cloud is owned and operated by a CSP that delivers services to the general public or a large industry group via the internet or other computer network using a multi-tenant platform. |
|
Community Cloud |
It is a private- public cloud with users having a common connection or affiliation, such as a trade association, the same industry or a common locality. It allows a CSP to provide cloud tools and applications specific to the needs of the community. |
|
Hybrid Cloud |
This model composes two or more clouds (private, community or public). A hybrid cloud leverages on the advantage of the other cloud models, thus, providing a more optimal user experience. |
Public, private, community, or hybrid cloud?
For banks and EMIs, core banking operations systems are allowed only on private, hybrid, or community clouds subject to approval and compliance. From a cloud architecture perspective, this restriction requires that financial institutions operate a portion of the physical infrastructure. Cloud service providers have provided options, like Microsoft Azure Stack and AWS Outposts, to answer these requirements. Using these services allows a financial institution to operate cloud infrastructure hardware within their on-premises location or data center with an option to extend to public cloud services.
There are financial institutions that have achieved approval for hosting core banking systems in the cloud. An example would be Cantilan Bank which has reached the milestone by becoming the first BSP-regulated rural bank to host core banking systems on the cloud. Cantilan Bank uses Oradian’s cloud-based banking system that enhanced security and increased growth with the traditional costs associated with on-premises infrastructure.
Exciting developments for Philippine FinTechs
Diwa del Mundo
Co-Founder, President
Diwa is the Co-Founder, President, and Principal Cloud Architect of Apper.ph. He has lead, built, and architected platforms on the cloud in his fifteen years of experience in the IT industry. He is AWS Certified (12x), GCP Certified, and holds a CISSP®.
