The European Banking Authority have published their final report on recommendations on Cloud Outsourcing. These detailed guidelines set out the EBA expectations that Competent Authorities (The Financial Conduct Authority and Prudential Regulatory Authority) in Member States should adopt.
Regulated Firms that utilize Cloud based solutions will be expected to have undertaken appropriate due diligence on their Service Provider. This may be relatively straightforward when using the likes of Google / Amazon Web Services or Microsoft - but what about those "white label" suppliers or resellers?
Regulated Firms will need to know significantly more about the entities that they are trusting to retain sensitive and confidential Customer data - and the EBA recommendations include a list of twelve areas that should be considered and documented.
Firms will need to show
- Whether the outsourcing has been assessed as material.
- Whether the cloud service provider supports business operations that are time critical.
- An assessment of the cloud service providers suitability
- Details of the last risk assessment of the outsourcing arrangement
- Identification of an alternative service provider, where possible.
This will impact those Regulated Firms that are looking to refine / update their current business model to utilize more Technology based solutions. Interesting times.
No comments:
Post a Comment