When we first started we were planning to host everything on our own hardware. Amongst other things, the FCA handbook (section SYSC 8) required us to provide the regulator and auditors with physical access to our servers. Multi-tenancy cloud vendors would never allow this and banks generally didn’t run critical software in the cloud.
Then two things happened that changed our mind about outsourcing to the cloud:
- In 2015 the FCA awarded a £5m contract to AWS for their own IT needs
- In early 2016 the FCA released draft guidance on a new interpretation of SYSC 8 rules as it applies to the cloud. The final guidance was published in July 2016.
With that in mind, I think it is fair to say that reputation, especially with the FCA, played a large role in our vendor selection. AWS has also been incredibly accommodating and helpful around the special needs of regulated firms. This is clearly a long-running and well executed strategy on their part. On a panel at the Next Money conference this year, a representative from AWS claimed that 100% of the top 50 fintechs in the UK (by whatever measure) are running on AWS.
Long-term we would like to be as independent from any particular cloud service provider as possible. This is one of the reasons we are running our services in kubernetes.