• Home
  • Case Study Solution

FINRA (A): Moving Financial Regulation to the Cloud Custom Case Solution & Analysis

Evidence Brief: Case Extraction

1. Financial Metrics

  • Data Volume: FINRA processes 30 billion to 75 billion market events daily.
  • Storage Requirements: Current data footprint exceeds 20 petabytes.
  • Infrastructure Costs: Legacy data centers require significant capital expenditure for hardware refreshes every 3 to 5 years.
  • Processing Efficiency: Current systems must process 90 percent of data within a 24-hour window to meet regulatory mandates.
  • Cost Structure: Shift from fixed capital expenditure (CapEx) to variable operating expenditure (OpEx) through cloud consumption.

2. Operational Facts

  • Core Function: Surveillance of 3,700 brokerage firms and multiple stock exchanges.
  • Technology Stack: Predominantly on-premise private data centers using traditional relational databases.
  • Scalability Limits: On-premise hardware cannot scale instantly to handle market volatility or high-frequency trading spikes.
  • Market Scope: Monitoring 99 percent of equities and 65 percent of options trading in the United States.
  • Geography: Primary operations based in Rockville, Maryland, with data centers in the US.

3. Stakeholder Positions

  • Steve Randich (CIO): Proponent of the cloud transition. Views legacy infrastructure as a barrier to agility and cost control.
  • Marty Colburn (CTO): Responsible for technical execution. Concerned with the architectural shift from monolithic to distributed systems.
  • Market Participants: Broker-dealers and exchanges require FINRA to maintain high security and low latency without increasing regulatory fees.
  • SEC (Securities and Exchange Commission): Oversight body requiring FINRA to prove that cloud migration does not compromise market integrity.

4. Information Gaps

  • Migration Budget: The case does not specify the total dollar amount allocated for the AWS transition.
  • AWS Contract Terms: Specific pricing discounts or service level agreements (SLAs) are not disclosed.
  • Labor Costs: The cost of retraining existing IT staff or hiring cloud-native engineers is absent.
  • Exit Strategy: No detailed plan for repatriating data if AWS fails or prices increase significantly.

Strategic Analysis

1. Core Strategic Question

  • Can FINRA maintain regulatory dominance and operational integrity while decoupling its surveillance capacity from physical hardware constraints?
  • How does FINRA mitigate the concentration risk of moving 20 petabytes of sensitive financial data to a single third-party provider?

2. Structural Analysis

Value Chain Analysis: Technology development is no longer a support activity for FINRA; it is the primary driver of value. The inability to process peaks of 75 billion events on-premise creates a structural bottleneck in the surveillance mission. Moving to the cloud shifts the value proposition from hardware ownership to algorithmic speed.

PESTEL (Technological/Legal): High-frequency trading (HFT) has outpaced human-led regulation. The legal mandate to monitor 99 percent of equities requires a technological platform that scales elastically. Failure to migrate results in a regulatory gap that undermines market confidence.

3. Strategic Options

4. Preliminary Recommendation

Pursue full migration to AWS. The elasticity required to process 75 billion daily events cannot be achieved economically on-premise. The risk of regulatory failure due to processing delays outweighs the risk of vendor lock-in. FINRA must prioritize speed and scale to remain relevant in a high-frequency trading environment.

Implementation Roadmap

1. Critical Path

  • Phase 1: Security and Compliance Validation (Months 1-3). Establish the Virtual Private Cloud (VPC) and gain SEC approval for data encryption protocols.
  • Phase 2: Data Lake Construction (Months 4-8). Migrate 20 petabytes of historical data to S3. This is the dependency for all surveillance applications.
  • Phase 3: Application Refactoring (Months 6-18). Move from monolithic SQL databases to distributed processing frameworks like EMR and Spark.
  • Phase 4: Parallel Running (Months 12-20). Run surveillance on-premise and in the cloud simultaneously to verify accuracy.

2. Key Constraints

  • Technical Debt: Decades of legacy code built for relational databases will not perform efficiently in a distributed cloud environment without significant rewriting.
  • Regulatory Scrutiny: Any data breach or loss during migration will trigger SEC intervention and potentially halt the project.
  • Talent Gap: Existing staff trained on private data centers may lack the skills for serverless architecture and cloud-native security.

3. Risk-Adjusted Implementation Strategy

Implement a phased decommissioning of data centers. Do not shut down physical sites until three consecutive months of 100 percent data accuracy are achieved in the cloud. Establish a dedicated Cloud Center of Excellence to manage the cultural shift and provide continuous training to legacy engineers. Build contingency by using infrastructure as code (IaC) to ensure that while AWS is the primary provider, the environment is documented well enough to facilitate a multi-cloud transition in the future if required.

Executive Review and BLUF

1. BLUF

FINRA must complete the migration to AWS immediately. The current on-premise model is fundamentally broken; it cannot scale to meet the 75 billion daily event peaks generated by high-frequency trading. The shift from capital-heavy hardware to elastic cloud computing is the only path to maintaining regulatory relevance. While vendor lock-in and security are valid concerns, they are manageable through encryption and architectural discipline. The alternative is operational obsolescence and a failure to protect market integrity. APPROVED FOR LEADERSHIP REVIEW.

2. Dangerous Assumption

The analysis assumes that AWS pricing will remain stable and that the cost of data egress will not become a financial burden. If AWS increases prices once FINRA has migrated its 20 petabytes, the organization will have no immediate leverage to negotiate or move elsewhere.

3. Unaddressed Risks

  • Concentration Risk: A regional AWS outage could blind US market surveillance for hours, creating a window for undetected market manipulation. Probability: Low. Consequence: Catastrophic.
  • Regulatory Drift: The SEC may change data residency requirements, forcing a costly repatriation of data from public servers to private infrastructure. Probability: Moderate. Consequence: High.

4. Unconsidered Alternative

The team did not fully evaluate a Multi-Cloud Strategy from the outset. By splitting workloads between AWS and Google Cloud or Azure, FINRA could maintain price competition and operational redundancy. While more complex initially, it eliminates the single point of failure inherent in the current recommendation.

5. MECE Strategic Assessment

  • Operational Readiness: Refactoring legacy code is the primary hurdle, not the cloud infrastructure itself.
  • Financial Impact: Long-term savings depend on aggressive decommissioning of old data centers, not just cloud adoption.
  • Regulatory Integrity: Success is measured by the 24-hour processing window, which current systems are failing to meet.


Custom Case Solution


OmniHealth custom case study solution

Sailing in a Tariff Storm: What Should Sant Do? custom case study solution

Alianza Cero Basura: Challenges in Sustaining Its Mission custom case study solution

From Germany to the World: ALDI's Product Diversification and International Expansion custom case study solution

Ramson Industries: Navigating Digital Transformation Challenges custom case study solution

Keeping the Customer Satisfied: The Fall and Rise of Sa Sa (A) custom case study solution

Ben & Jerry's in Israel: A Board Pitted against the Parent custom case study solution

Saladstop!: Service Environment and Design custom case study solution

Newsweek: Leading a Transformation custom case study solution

Lynda Bussgang's Stages custom case study solution

ReNew Power: Building Scale in the Indian RE Sector custom case study solution

Chinese Online 2018-2020: Turnaround custom case study solution

Nexleaf Analytics: Saving the World Using the Internet of Things custom case study solution

Climate Action in Miami custom case study solution

Zain Group: Diversity and Inclusion in the Middle East custom case study solution

1,000+ Case Studies Solved. One Framework: Get It Right. Expert-structured solutions built the way top MBA programs actually evaluate them

Made by
Option Rationale Trade-offs Resource Requirements
Full Public Cloud (AWS) Eliminates capacity ceilings; provides native tools for big data. Total dependency on one vendor; high initial refactoring cost. Cloud architects; security engineers; AWS OpEx budget.
Hybrid Cloud Model Keeps sensitive data on-premise while using cloud for burst capacity. Extreme complexity in data synchronization; latency issues. Integration middleware; dual-environment maintenance staff.
On-Premise Expansion Maximum control over security and data sovereignty. Prohibitive capital costs; cannot handle unpredictable market spikes. Continuous hardware procurement; large data center footprint.