Friday 29 December 2017

More about the EBA Report on Cloud outsourcing

The European Banking Authority (EBA) have published its recommendations for the use of cloud based service providers by financial institutions.

The recommendations build upon the original recommendations on outsourcing that date back to 2006 - when the notion of using cloud based solutions was in its infancy.

  The recommendations come into force from 1 July 2018.

Given that compliance with the General Data Protection Regulations (GDPR) comes into force on 25th May 2018 this is also likely to be of interest to the FCA.

The guidance requires Firms to adequately inform the competent authorities of any material activities to be outsourced to cloud service providers.

The guidance specifies that the following need to be made available:

  • the name of the cloud service provider and the name of its parent company (if any);

  • a description of the activities and data to be outsourced;

  • the country or countries where the service is to be performed (including the location of data);

  • the service commencement date;

  • the last contract renewal date (where applicable);

  • the applicable law governing the contract;

  • the service expiry date or next contract renewal date (where applicable). 

It will be interesting to see how the FCA manages this issue. If, having identified form big data analysis that there is a concentration risk of many Firms using the same Cloud Based Service Provider (CBSP) and something were to happen to that CBSP then the impact on Firms, Clients and the Market could be interesting. 


Compliant Solutions Limited - experts in helping Financial Services Businesses deal with the business challenges of Financial Conduct Authority Compliance - for help contact ian@compliantsolutions.co.uk


No comments:

Post a Comment

Search This Blog

Followers