BoM Consults on Guideline on Use of Cloud Services
The Bank of Mauritius (BoM) is proposed guidelines on the private banking business and on the general principles for use of cloud services. The proposed cloud services guideline lays down the minimum requirements that shall be applicable to the use of cloud services provided by third parties for material services; where specified in the guideline, these minimum requirements shall also apply to services that involve customer information. The draft guideline applies to all cloud-based arrangements entered by any financial institution licensed by BoM under the Banking Act 2004. The consultation is open until September 08, 2021.
The draft guideline on the use of cloud services provides the necessary guidance to financial institutions engaging in the use of cloud services such that the risks are appropriately identified and managed. The draft guideline on use of cloud services highlights that financial institutions are expected to follow a risk-based approach in respect of cloud services. The level of governance to be applied, the information security requirements, the types of controls to be deployed, and the level of the initial and ongoing due diligence and assurance to be performed shall be commensurate with the criticality of the services. Financial institutions will also be comply to the guideline on outsourcing by financial institutions in the event an outsourced activity avails of the use of cloud services. According to the draft guideline, financial institutions shall submit to BoM a return on use of cloud-based services/activities, containing a list of all material and non-material cloud-based services/activities in the form and manner prescribed by BoM on an annual basis. The annual return should be submitted within the next twenty working days of the previous calendar year. In the event of any change, the amended return shall be submitted within a week following the change. Financial institutions shall report promptly to BoM any incident including unauthorized access or breach of confidentiality and security, directly or indirectly, by a cloud service provider and the action/s it is proposed to take in consequence. A transitional period of six months shall be granted to all financial institutions to ensure compliance with the requirements of the guideline.
In addition, BoM launched a public consultation on another draft guideline, which sets out the regulatory and supervisory framework applicable to banks conducting private banking business. This guideline specifies additional requirements to, or exemptions from, the rules applicable to conventional banking. It sets out the terms under which BoM is prepared to consider exemptions from the Banking Act 2004 under section 7(7D) of the Banking Act. This guideline applies to banks which are licensed under the Banking Act 2004 and which engage in private banking business. Section II of this guideline on exemptions applicable to banks licensed to carry on exclusively private banking business shall apply only to banks licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business. The other sections of the guideline apply to banks carrying on exclusively private banking business as well as banks offering private banking services as part of their conventional banking services. This guideline supersedes the guidelines for banks licensed to carry on private banking business introduced in February 2017. The consultation is open until September 15, 2021.
Related Links
- Notification on Draft Guideline on Use of Cloud Services
- Draft Guideline on Use of Cloud Services (PDF)
- Notification on Draft Guideline for Private Banking Business
- Draft Guideline for Private Banking Business (PDF)
Comment Due Date: September 08, 2021 (Cloud Guideline)/September 15, 2021 (Private Banking Business Guideline)
Keywords: Middle East and Africa, Mauritius, Banking, Cloud Service Providers, Cloud Computing, Governance, Private Banking, Banking Act, Reporting, Regtech, BOM
Featured Experts
María Cañamero
Skilled market researcher; growth strategist; successful go-to-market campaign developer
Nicolas Degruson
Works with financial institutions, regulatory experts, business analysts, product managers, and software engineers to drive regulatory solutions across the globe.
Scott Dietz
Scott is a Director in the Regulatory and Accounting Solutions team responsible for providing accounting expertise across solutions, products, and services offered by Moody’s Analytics in the US. He has over 15 years of experience leading auditing, consulting and accounting policy initiatives for financial institutions.
Previous Article
BDF Updates IT Specifications for AnaCredit ReportingNext Article
BNM Revises Reference Rate Framework in MalaysiaRelated Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.