Saturday 30 December 2017

Devil in the detail - Cloud Outsourcing

The European Banking Authority have published their final report on recommendations on Cloud Outsourcing. These detailed guidelines set out the EBA expectations that Competent Authorities (The Financial Conduct Authority and Prudential Regulatory Authority) in Member States should adopt.

Regulated Firms that utilize Cloud based solutions will be expected to have undertaken appropriate due diligence on their Service Provider.  This may be relatively straightforward when using the likes of Google / Amazon Web Services or Microsoft - but what about those "white label" suppliers or resellers?

Regulated Firms will need to know significantly more about the entities that they are trusting to retain sensitive and confidential Customer data - and the EBA recommendations include a list of twelve areas that should be considered and documented.

Firms will need to show:


  • Whether the outsourcing has been assessed as material.

  • Whether the cloud service provider supports business operations that are time critical.

  • An assessment of the cloud service provider's suitability

  • Details of the last risk assessment of the outsourcing arrangement

  • Identification of an alternative service provider, where possible. 


This will impact those Regulated Firms that are looking to refine / update their current business model to utilize more Technology based solutions. Interesting times. 


Compliant Solutions Limited - experts in helping Financial Services Businesses deal with the business challenges of Financial Conduct Authority Compliance - for help contact ian@compliantsolutions.co.uk

Friday 29 December 2017

More about the EBA Report on Cloud outsourcing

The European Banking Authority (EBA) has published its recommendations for the use of cloud based service providers by financial institutions.

The recommendations build upon the original recommendations on outsourcing that date back to 2006 - when the notion of using cloud based solutions was in its infancy.

The recommendations come into force from 1 July 2018.

Given that the General Data Protection Regulation (GDPR) comes into force on 25th May 2018, this is also likely to be of interest to the FCA.

The guidance requires Firms to adequately inform the competent authorities of any material activities to be outsourced to cloud service providers.

The guidance specifies that the following need to be made available:

  • the name of the cloud service provider and the name of its parent company (if any);

  • a description of the activities and data to be outsourced;

  • the country or countries where the service is to be performed (including the location of data);

  • the service commencement date;

  • the last contract renewal date (where applicable);

  • the applicable law governing the contract;

  • the service expiry date or next contract renewal date (where applicable). 

It will be interesting to see how the FCA manages this issue. If big data analysis identifies a concentration risk, with many Firms using the same Cloud Based Service Provider (CBSP), and something were to happen to that CBSP, then the impact on Firms, Clients and the Market could be interesting.




Thursday 28 December 2017

Outsourcing to the Cloud? Expect the FCA to show more interest in this area soon....

The European Banking Authority (EBA) have published their findings and recommendations on outsourcing to cloud service providers.

A copy of the report may be found at 

http://www.eba.europa.eu/documents/10180/1712868/Final+draft+Recommendations+on+Cloud+Outsourcing+%28EBA-Rec-2017-03%29.pdf


The recommendations are intended to provide additional guidance to credit institutions and investment firms - thankfully on a proportionate basis depending upon the size, structure and operational environment of the institution. 

Institutions are expected to mitigate risks when outsourcing - has the firm thought about the risks of "chain outsourcing"; does the Firm have a contingency plan / exit strategy if a change of Cloud Service Provider is needed?

The implementation date for these recommendations is 1st July 2018.


Wednesday 27 December 2017

Getting started with GDPR

Firms have until 25th May 2018 to fully implement the requirements of GDPR and the new Data Protection Bill.

The ICO have published plenty of useful information about what needs to be done - and recently launched a help desk for Small Businesses.

One of the first steps would be for the Firm to complete the on line questionnaire - details may be found at 


You may wish to have a go at completing the questionnaire - at the end you are able to print off / save your results as a pdf - this will give you a shopping list of any areas that need to be updated.



Monday 30 January 2017

Shopping around

Those Firms that have General Insurance Clients that have annually renewable Insurance policies will need to make further changes to their documentation from April 2017.

The FCA have published new requirements in PS16-21 outlining the changes expected. In particular, those clients that are at the fourth renewal of a policy will need to be informed to consider "shopping around". Examples of the wordings that can be used include:


‘You have been with us for over five years. You may be able to save money if you shop around.’


‘Have you checked that your insurance cover still meets your needs? Have you considered shopping round to find the best deal for the cover you want?’


‘You have been with us for a number of years. You may be able to get the insurance cover you want at a better price if you shop around.’


Interestingly, there are a number of exemptions that apply - such as monthly renewable policies and long term policies. The requirement only applies to Retail Insurance and not Commercial Lines.


If you need help with your disclosure requirements do get in touch.




