Blog· 6min May 3, 2023
Talk to anyone outside the banking and payments industry about operational resiliency and you’ll probably notice their eyes glaze over quite quickly, but for those of us in the industry it’s a hot topic right now. And rightly so, with the forthcoming launch of the highly-anticipated real-time payments service FedNow scheduled for July, ensuring operational resiliency and availability should be at the top of a bank’s list of priorities.
If you need a snappy definition of what operational resiliency means, from a bank’s perspective it’s about ensuring that you can offer your service to customers on a 24/7 basis.
But it isn’t just about customer relations, it’s also a requirement for involvement with FedNow.
The Fed's rules around FedNow participation are clear that high availability and resiliency are mandatory, with the threat of expulsion from the scheme for consistent offenders.
The Fed makes it quite clear that it's on participants to "develop, implement and maintain their own contingency and recovery plans to ensure their ability to continue their FedNow Service operations in the event of equipment failure or other operational interruption".
Unless the issues have arisen from "acts of war, riots, civil unrest, strikes, labor disputes, acts of terrorism, acts of God, or acts of nature," you'll be at risk of being kicked out, which means all your hard work to implement FedNow will have been wasted, and you'll likely have some unhappy customers to boot.
Given the demands of a real-time payment network, it’s no great surprise that the Fed’s requirements are so tough. Existing members of TCH's RTP network will know that they have to ensure, "the adequacy of participants’ operational capacities to meet obligations arising from participation,” which means banks must prove to TCH that their technology is capable of supporting continuous operations. Failure to comply could lead to suspension or termination – a hefty price to pay for technical issues that you have no control over.
Fortunately, by taking the right approach to resiliency and availability, banks can avoid falling out with the Fed – and their customers. One of the major approaches to handling this is the effective use of cloud infrastructure. And if you look 10 years in the future, we need to consider not just a single cloud, but multiple clouds.
Sign up for our webinar – Navigating the Integration and Resilience of New Payment Schemes: Strategies for Success in the Era of APIs and Cloud Technology at 1:00PM eastern on May 10 where we’ll discuss some of the key issues surrounding resiliency and availability, and why multi-cloud solutions are best placed to ensure you can provide your customers with a 24/7, real-time payments service.
Many banks and financial institutions have moved at least some of their operations to the cloud in recent years. Rather than relying on physical, owned infrastructure that comes with all sorts of maintenance and operational challenges, it makes sense that they would look to flexible, scalable cloud solutions for key services such as payments – especially as we move towards a real-time payment future.
The problem with using the cloud, though, is that you put your trust in a third-party provider. If they were to suffer some kind of technical issue or complete outage, then your ability to meet your customer’s payment needs would be seriously affected. And a full cloud outage would have a catastrophic impact on the economy; there are only a handful of cloud providers servicing the industry, all of which have a large volume of payments flowing through them.
Cloud providers typically operate sets of data centers (called Availability Zones or AZs), spread across one region. If there were a failure affecting all the AZs in that region, payment services that are operated in that particular region would become unavailable. In such a scenario the financial institutions and payment service providers would fail over to an alternate solution – like another cloud region or physical data centers for the duration of the outage. Such fail overs can take hours to achieve – causing major disruption to the availability of payment services.
When it comes to ensuring resiliency and availability of services, using one cloud provider is risky. Everything depends on that one provider, which may ensure data and systems security, balanced costs, scalability and other benefits that a single-cloud strategy may not provide.
That’s why it’s not advisable to put all your trust in just one cloud, but to spread efforts among multiple providers instead. Rather than relying on just Amazon Web Services, or Google Cloud Platform, or Microsoft Azure, using all three can solve the resiliency and availability issues of using a single cloud provider – but only if done in the right way.
The gold standard multi-cloud approach, pioneered by Form3, uses cloud-agnostic technology to plug a bank’s payment platform into three cloud providers. If one cloud provider suffers an outage, payments can still flow uninterrupted. The payments data is fully synchronized across the three clouds, meaning customers can always access accurate information about their payments across cloud endpoints.
The multi-cloud approach can survive a cloud region failure or full cloud provider outage, while also overcoming the concentration risk of having a high volume of payments going through just one provider. Regulators and the Fed are likely to look more favorably on payment platforms run on the multi-cloud principle for this very reason.
And this leads us neatly into another area where the multi-cloud approach is beneficial: avoiding cloud provider lock-in. Regulators are closely monitoring the cloud services industry to ensure that one provider doesn't establish a monopoly, or tie clients into unfair or overly expensive contracts. Any banks that are signed up to a single provider need to have a viable exit strategy; using cloud agnostic technologies is vital for a seamless switch between providers.
A multi-cloud approach is the most logical way of bringing your bank in-line with the requirements set out for membership of FedNow. If you rely on a single cloud provider and they suffer a technical problem or outage, then the Fed and the Reserve Banks are going to hold you responsible. Using multiple clouds means you always have a backup.
FedNow also has some fairly strict rules around when maintenance can take place on infrastructure that is necessary for supporting real-time payments, but using a multi-cloud approach means that any maintenance required can be carried out on each cloud with little risk, as payments can still flow through the others. There’s no disruption to your 24/7 real-time payments service and everyone’s happy; the Fed, the regulators, you, and most important of all – your customers.
If you want to get further advice on improving your business’ operational resiliency and availability, or to find out more about how Form3’s multi-cloud approach can help your bank move into the real-time payments future, sign up for our webinar – Navigating the Integration and Resilience of New Payment Schemes: Strategies for Success in the Era of APIs and Cloud Technology at 1:00PM eastern on May 10.