RegTek.Solutions (a Bloomberg company) – Redesigning on AWS to Offer SaaS

Abstract

Client: RegTek Solutions

Project Dates:  January 2017 through May 2017

Technology Solutions Used:

  • Jenkins
  • Ansible
  • OneLogin for authentication and authorization of client users
  • DataDog for monitoring

Summary

RegTek.Solutions (a Bloomberg company) is one of the premier software providers in the Regulatory Reporting space, serving 15 of the 20 largest global banks as customers.  Their software was developed to run inside a data center, but customer demand required them to provide a SaaS offering in addition to an option running in customers’ own data centers.  Leveraging the flexibility of AWS, Risk Focus quickly adapted the platform to run in the cloud and introduced new automation while decreasing time-to-market and reducing time to onboard new customers.

Due to business developments, we needed to evacuate our data center very quickly. Risk Focus helped us make this move while re-engineering our development and deployment processes. This allowed us to become more agile and increase delivery velocity. Moreover, they helped us deliver our first SaaS offering and onboard our first clients to the new platform.  Risk Focus’s key differentiator is their unique combination of deep Financial Services domain knowledge coupled with technical expertise and delivery excellence.

Brian Lynch

CEO, RegTek.Solutions (a Bloomberg company)

Problem Statement

The RegTek software was originally developed to be tested and run inside a data center as binary artifacts, with VMs running on a small set of Hyper-V racks in the client’s own data centers.  After initial launch, many of them asked for a SaaS solution, and so RegTek needed to move the platform to the cloud while maintaining the ability for it to run locally within a data center.

RegTek enlisted Risk Focus to help:

  • Create a fully-automated CI/CD pipeline outside of its data center that would allow it to provision environments on demand, build the binary artifacts, and run large-scale testing on its suite of products
  • Develop a process to produce different deployable binary artifacts, both traditional wars and Docker containers
  • Create a secure automated SaaS offering for current and prospective customers
  • Onboard its first batch of clients onto the newly-built SaaS platform

 

AWS-Based Solution

We proposed that RegTek move to AWS, but because its software needed to retain the ability to run in any data center, we ensured that the software was cloud portable and not tightly bound to the AWS cloud native offerings. The elasticity provided by AWS allowed RegTek to develop and test much faster by provisioning and tearing down environments in an automated way.

We then deployed some of the RegTek products as SaaS offerings into separate AWS accounts under an Organization, leveraging Consolidated Billing.

The solution involved provisioning single-tenant VPCs with Oracle instances for each client, which were created by using CloudFormation templates. Because of the sensitivity of the data being reported, all SaaS clients had requested complete isolation from one another.

In the new design, CloudWatch was implemented to capture all logs, and CloudTrail to monitor access to all deployed resources.  Resiliency was achieved by relying on ELB, Multi-AZ deployments, and Auto-scaling groups.

 

Financial Services Domain Expertise

The project consisted of three components: developing CI/CD pipelines, re-designing the architecture to offer SaaS, and onboarding customers onto the new SaaS platform.  Risk Focus’s keen domain knowledge of trading risk and regulator compliance was especially useful in the last piece.

RegTek.Solutions enlisted Risk Focus to do all initial customer onboarding, where our Business Analysts identified clients’ required feeds and designed their delivery processes.  Risk Focus also used its deep domain expertise to map required data and enrichment to ensure that the raw trading feeds delivered by the client could be submitted to the SDR (Swaps Data Repository) of the DTCC.

More Options, Better Customer Service

RegTek.Solutions now operates a highly successful business that features both installations within customers’ data centers and a robust SaaS reporting solution hosted on AWS.  This allows RegTek to provide a higher value of service to their clients. It also allows their clients to focus on growing their Financial Services businesses, while staying compliant and avoiding the hefty fines levied on businesses that do not provide accurate and timely reporting.

Deutsche Börse – Leveraging AWS For Rapid Infrastructure Evolution

Deutsche Börse – Leveraging AWS For Rapid Infrastructure Evolution

Abstract

Client: The Deutsche Börse, Market Data and Services Business Groups

Project Dates:  January 2017 through January 2018

Technology Solutions Used:

  • AWS Cloud Hosting
  • Docker Swarm: orchestration framework
  • Redis: in-memory cache
  • Confluent Kafka: scalable replay log
  • TICK: monitoring framework
  • Greylog: log aggregation
  • Jenkins: CI/CD pipeline

Summary

Leveraging AWS, we empowered our client with the automation and tools needed to rapidly create and test a production-scale on-demand infrastructure within a very tight deadline to support MIFID2 regulations.

Given the extreme time pressure that we were under to deliver a mission-critical platform, together with Risk Focus’ we decided to use AWS for Development, QA, and UAT which proved to be the right move, allowing us to hit the ground running. The Risk Focus team created a strong partnership with my team to deliver the project.

Maja Schwob

CIO, Data Services, Deutsche Börse

Problem Statement

In 2017, the Deutsche Börse needed an APA to be developed for their RRH business to support MIFID2 regulations, to be fully operation by January 3, 2018. The service provides real-time MIFID2 trade reporting services to around 3,000 different financial services clients. After an open RFP process, The Deutsche Börse selected Risk Focus to build this system and expand its capacity so it process twenty times the volume of messages without increasing latency and deliver the system to their on-premises hardware within four months.

AWS-Based Solution

To satisfy these needs, we proposed a radical infrastructure overhaul of their systems that involved replacing their existing Qpid bus with Confluent Kafka. This involved architecture changes and configuration tuning.

The client’s hardware procurement timelines and costs precluded the option to develop and test on-premises. Instead, we developed, tested and certified the needed infrastructure in AWS and applied the resulting topology and tuning recommendations for the on-site infrastructure. Finding optimal configuration required executing hundreds of performance tests with 100s of millions of messages flowing through a complex mission-critical infrastructure, and it would have been impossible in the few weeks available without the elasticity and repeatability provided by AWS. This was implemented using an automated CI/CD system that built both environment and application, allowing developers and testers to efficiently create production-scale on-demand infrastructure very cost effectively.

Summary Leveraging AWS, we empowered our client with the automation and tools needed to rapidly create and test a production-scale on-demand infrastructure within a very tight deadline to support MIFID2 regulations through an AWS-Based Solution

Financial Services Domain Expertise

Although this was a technical implementation, we were ultimately selected by the business unit at the Deutsche Börse to provide an implementation of their service because of our strong Financial Services domain expertise and implemented both technical and business requirements. The stakeholder group also included the internal IT team and the Bafin (German Financial Regulator), and all technology, infrastructure and cloud provider decisions had to be made in tandem by all three groups collectively.

Risk Focus’s deep domain knowledge in Regulatory Reporting and Financial Services was crucial to understanding and proposing a viable solution to address the client’s needs and satisfy all stakeholders. That domain expertise, in combination with Risk Focus’ technology acumen, allowed for the delivery of the service that met requirements.

Setting the Stage for The Future

The system was delivered to the client’s data center on time within a startlingly short timeframe. We worked with their internal IT departments closely to transfer fully over the delivered solution, allowing us to disengage from the project and effectively transfer all knowledge to the internal team. All test environments and automation were handed over to the client, allowing them to further tune and evolve the system.

The ability to develop and experiment in AWS empowers the client to make precise hardware purchasing decisions as volumes change, and they now have a testbed for further development to adapt to new regulatory requirements.  They are well-positioned for the future, as it provides a pathway to public cloud migration once that path is greenlighted by regulators.

Case Study – Regulatory Reporting Health Check

Content: Market Pressure

Helping a Global Bank Respond to a Regulator’s Audit.

Following the 2008 global financial crisis, policymakers in the G-20 committed to reforming domestic and international rules governing the over-the-counter (OTC) derivatives markets. In response, regulators across the world like CFTC, ESMA, MAS, ASIC, etc have come up with various regulations like central clearing through central counterparties to reduce counterparty risk and reporting of all eligible transactions to trade repositories to increase transparency. Firms are expected to comply with complex regulations constantly and may be subject to severe financial penalties and reputational risk in case of any deficiencies observed by the regulators.

The Client

A Global Bank that is a Swaps Dealer responded to a regulator’s audit of its OTC Trade Reporting by engaging Risk Focus to perform a Regulatory Trade Reporting Health Check.

The Challenge

Ever since the enactment of Dodd Frank in the US and similar regulations like EMIR in Europe, regulators have continued to monitor the data quality of trade submissions and provided additional guidance to trade repositories like the DTCC’s Global Trade Repository (GTR) in a bid to make the submission data more useful for their oversight. For example, EMIR reporting for OTC derivatives began in February 2014. ESMA Level 1 validations were rolled out in December 2014 and subsequently ESMA Level 2 validations in November 2015 requiring trade repositories to strictly enforce them and reject any submissions made by firms that did not comply with these. Hence, firms need to continuously monitor any changes to the regulations and subsequent impact on the message submission specifications provided by the trade repositories to remain complaint.

Regulators and their enforcement arms regularly perform audits to measure compliance with these regulations, and are most interested in seeing evidence that firms are in control of their trade reporting operations. Firms that can prove that they can retrieve historical reports with little effort and have mechanisms to ensure the quality, accuracy, and completeness of their reports will fare better than firms that can’t. Those that are found to be remiss or to have inaccurately reported their trades to a repository have been both fined millions of dollars and exposed in the media.

Our Solution

Our client, a large Global Bank that is a Swaps Dealer, was being audited by one of the enforcement arms of a regulator. The bank engaged Risk Focus to perform Regulatory Health Check to identify gaps in its reporting obligations to CFTC and ESMA for their Interest Rates, Foreign Exchange and Commodities businesses. Within 6 weeks the Risk Focus team was able to perform a detailed review of the current workflow for various products and trade life cycle events as well as analysed several samples of the firm’s submissions to the trade repositories. Accomplishing this in such a compressed time frame was made possible by leveraging the regulatory reporting controls from RegTek Solutions, the software firm spun out of Risk Focus in 2017.  The team identified gaps in the firm’s current reporting workflow and data quality issues with the submissions. At the end of the engagement, the team provided high-level recommendations to the client on how to address deficiencies like under-reporting and over-reporting of certain events and erroneous/missing/incorrect reporting of certain fields to the regulators.

The high-level approach followed during the engagement is as follows:

– Review of current reporting workflow for various asset classes and products

– Identification of trade life cycle event reporting scenarios for each of the asset classes and products in scope

– Comprehensive analysis of a sample subset of the firm’s submissions to the trade repository by performing a manual  three-way comparison between the firm’s submissions, trade repository specifications and the regulations as well as using RegTek’s industry acclaimed tool Validate.Trade

– Documentation of gaps and issues identified during the analysis and providing recommendations to the client to effectively address the shortcomings

Benefits

Based on the high-level recommendations provided by the Risk Focus team at the end of the regulatory health check engagement, the client is embarking on a remediation program that follows our suggestions, which includes putting in place a new layer of controls alongside their transaction reporting platform, essentially future-proofing them from changes in regulations going forward by implementing a foundational control framework.

The remediation program based on the Health check findings will include the following:

– Implementing a control framework (from RegTek Solutions) for daily reconciliation of trading activity against trade repository reporting activity, as well as monitoring errors in real time

– Addressing the gaps in existing reporting workflows

– Back-reporting of any under reported/mis-reported trades