by James Henderson

Why embracing the cloud is ‘non-negotiable’ for Standard Chartered

Aug 19, 2020
Cloud ComputingFinancial Services IndustryIT Leadership

As group CIO, Singapore-based Michael Gorriz is executing a multi-year cloud strategy at Standard Chartered, motivated by a desire to meet the new expectations of a modern-day bank.

michael gorriz standard chartered
Credit: Standard Chartered

With a high degree of executive coordination and synchronicity, Standard Chartered can run 500 technology projects in parallel, at pace, with scale and in rhythm. A multi-functioning and well-oiled machine perhaps, but for Singapore-based Michael Gorriz, four main developments are driving transformative change at the banking giant.

As group CIO, the award-winning executive is kick-starting an era of innovation at the financial institution, dictated by changing market dynamics and underpinned by a multi-year cloud strategy. “We have taken a very thorough and profound approach to the cloud,” Gorriz told CIO ASEAN. “The first of our four main projects is centred around the harmonisation of our core banking system, in addition to creating a state-of-the-art payment system. We are also focusing on our customer interface within the context of mobile and internet banking, alongside enhancing our connection to corporate customers through APIs and open banking. These are major developments with hefty and solid application blocks which are all designed for the cloud. They can still run on-premises if necessary for regulatory reasons but these versions are made for the cloud and native cloud computing.”

Aligned with digital transformation ambitions, Standard Chartered is moving ahead with a multi-cloud approach, ensuring that core banking and trading systems—in addition to virtual banking and banking as-a-service offerings—will be cloud-based by 2025, subject to regulatory approvals.

The bank’s multi-year journey to cloud started with software-as-a-service (SaaS) on a large scale, specifically for back-end systems such as financial control and HR. For banking-related software, the business followed the path of infrastructure-as-a-service (IaaS)—supported by increased levels of security—to build a platform capable of running significant workloads on the cloud.

“The banking industry has gone through a massive digital transformation and the recent global pandemic has set the stage for the transformation to accelerate, much faster than ever before,” Gorriz acknowledged. “The bank of the future is here and, if we are to stay in business, cloud adoption is clearly not just a ‘nice to have’. While our journey to be fully on the cloud will be a multi-year journey, I am convinced that cloud technology will be crucial to delivering our network, serving our customers, improving efficiencies and embracing new business opportunities.”

Despite the economic challenges of COVID-19—evident through the continued uncertainty of second waves and lockdown measures—Gorriz said the technology strategy at the heart of such transformation has remain unchanged, backed by a desire to become globally resilient. “We had global data centres running a large amount of our compute estate, but these data centres might become inaccessible, meaning it’s difficult to even replace faulty hardware,” he said. “Our aspiration to move to the cloud even faster than before has gained momentum, with the intention of not relying on one cloud provider, rather many cloud providers. We will no longer rely on any particular location or region because our compute capability should be ubiquitous—it really doesn’t matter where the compute takes place. Obviously regulatory requirements remain a factor, but even so we are massively moving to the cloud in all regards and aspects.”

A series of deployments across the globe, with Microsoft Azure at core

In taking a helicopter view of Standard Chartered’s global footprint, Gorriz said the cloud also offers the flexibility to spin-up and scale-back as per shifting market priorities, evident through recent deployments in Europe and Asia-Pacific. “We rolled out our core banking system in the UK in early July, followed by Germany,” he said. “Hong Kong requires a larger migration due to more legacy systems, meaning some heavy lifting is required before deployment during the fourth quarter of 2021. We have a clear timeline and schedule in place but naturally, that can change aligned to the priorities of the market. Due to a localisation requirement in India, for example, we moved to the cloud with payment and core banking systems earlier this year—we pulled the project forward to adhere to market specifications.”

Despite a desire to leverage the unique flavours of multiple providers, Standard Chartered will adopt Microsoft Azure as a preferred cloud platform. The motivation behind this decision is to strengthen data centre and cloud services capabilities, while addressing increasing requirements in relation to customer security, privacy and compliance.

The first set of capabilities to move to Azure will be the bank’s trade finance systems to facilitate cross-border trade for corporate and institutional clients. Artificial intelligence (AI) and data analytics are also on the agenda to enhance and automate banking processes while delivering hyper personalisation at product and experience levels.

In addition, a digital workplace overhaul will be delivered via Microsoft 365 and Microsoft Teams to provide productivity and collaboration tools to more than 84,000 employees across 60 markets. “Our aspiration is to work with any device, at any time in any location with the correct security in place,” Gorriz said. “We are around 70 to 75 percent there but in terms of achieving device independence which allows an employee to take a personal device and log in to the cloud; we are probably a year away. But the majority is already a reality in that I have my backpack, laptop, cables and power cord—that’s all I need.”

The three core KPIs for Standard Charter’s cloud adoption

From a value perspective at Standard Chartered—and in the context of cloud and wider technology adoption—Gorriz outlined three core key performance indicators (KPIs) by which success will be measured at boardroom level: risk, investment and speed.

“Firstly, how do I protect the bank against downside risk?” Gorriz said. “This includes outages, cyber attacks and regulatory breaches. This is an area in which every CIO requires a clean sheet—there is no appetite in any capacity for cyber risk. We are also stable and have zero perceived outages. Perhaps there might be a little glitch, but the customer wouldn’t be aware of this and would still receive a solid service, although this has never happened before. And regulatory [compliance] is a no-brainer in terms of avoiding any breaches.”

Secondly, Gorriz is tasked with tracking how much money is spent per customer to keep IT running, with business as usual costs not expected to surpass revenue.

“And finally, how fast can I turn an idea into production,” he said. “This is measured once the business logs an idea or request and this goes into production. Currently, we are roughly at 13 weeks on average for the idea being raised until the request moves into production, and we are shooting for eight weeks on average. For example, if an important customer has a specific request, we discuss the requirements with the product owner, work with the scrum team, test and put into production. That’s devops at play—end-to-end development from testing, releasing, approval and provisioning in one go.”

Lessons from a career shift from automotive to banking

Before joining the business as group CIO in July 2015, Gorriz had served as vice president and CIO at Daimler, holding responsibility for the smooth running of all systems, operations and IT projects globally. “In moving to Standard Chartered, I decided to do something completely different in the form of a triple change—city, company and industry, ” he said. “We packed our suitcase and moved from Stuttgart to Singapore, Daimler to Standard Chartered and automotive to banking.”

At the surface level, Gorriz said the concept of banking is straightforward: “You produce goods and services and ship those from A to B, and the money has to go from B to A.”

Yet the question remains as to whether existing banks can remain relevant due to the ever-changing technology requirements of the customer. “My biggest learning was that in financial services, we are masters at using acronyms and masters at complicating simple things,” he said. “I studied physics, meaning it took five years to find simple answers on complicated questions. In banking, we do things the other way around. Perhaps my naïveté in banking helped cut to the chase and create a sense of realism in terms of our technology approach.”

In comparing technology adoption in automotive and manufacturing with banking, Gorriz accepted that despite a high level of importance, technology still remains a utility in his previous sector—“whereas technology in banking moves into core,” he noted. “Everything we do in banking is based on technology such as customer interface, APIs, sophisticated software packages and deep integration into value chains.”

Even though the manufacturing sector is more in favour of outsourcing operations, banking has adopted an in-house approach, evident through the creation of internal software and services at Standard Chartered. “We have far more people within IT at Standard Chartered and in banking, but there’s not as many processes to wire and automate,” Gorriz said. “We are a large technology organisation, we have around 17,000 employees within our division including contractors, 10,000 of which are true developers. Running a business with 10,000 true developers eager to create something new is a balancing act between providing the freedom so they can be effective, while maintaining some degree of control to ensure they don’t go overboard.”

Yet despite this, Standard Chartered is currently running about 1,300 systems worldwide front-to-back whereas in manufacturing that number was closer to 4,500, Gorriz said. “We’re also more plugged into the business in banking,” he added. “While the business has to set the strategy—that’s absolutely clear—the next person to talk to is the CIO to ensure the strategy can work, is achievable, stable and safe.”