The Bank of Mauritius (BoM) is proposed guidelines on the private banking business and on the general principles for use of cloud services. The proposed cloud services guideline lays down the minimum requirements that shall be applicable to the use of cloud services provided by third parties for material services; where specified in the guideline, these minimum requirements shall also apply to services that involve customer information. The draft guideline applies to all cloud-based arrangements entered by any financial institution licensed by BoM under the Banking Act 2004. The consultation is open until September 08, 2021.
The draft guideline on the use of cloud services provides the necessary guidance to financial institutions engaging in the use of cloud services such that the risks are appropriately identified and managed. The draft guideline on use of cloud services highlights that financial institutions are expected to follow a risk-based approach in respect of cloud services. The level of governance to be applied, the information security requirements, the types of controls to be deployed, and the level of the initial and ongoing due diligence and assurance to be performed shall be commensurate with the criticality of the services. Financial institutions will also be comply to the guideline on outsourcing by financial institutions in the event an outsourced activity avails of the use of cloud services. According to the draft guideline, financial institutions shall submit to BoM a return on use of cloud-based services/activities, containing a list of all material and non-material cloud-based services/activities in the form and manner prescribed by BoM on an annual basis. The annual return should be submitted within the next twenty working days of the previous calendar year. In the event of any change, the amended return shall be submitted within a week following the change. Financial institutions shall report promptly to BoM any incident including unauthorized access or breach of confidentiality and security, directly or indirectly, by a cloud service provider and the action/s it is proposed to take in consequence. A transitional period of six months shall be granted to all financial institutions to ensure compliance with the requirements of the guideline.
In addition, BoM launched a public consultation on another draft guideline, which sets out the regulatory and supervisory framework applicable to banks conducting private banking business. This guideline specifies additional requirements to, or exemptions from, the rules applicable to conventional banking. It sets out the terms under which BoM is prepared to consider exemptions from the Banking Act 2004 under section 7(7D) of the Banking Act. This guideline applies to banks which are licensed under the Banking Act 2004 and which engage in private banking business. Section II of this guideline on exemptions applicable to banks licensed to carry on exclusively private banking business shall apply only to banks licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business. The other sections of the guideline apply to banks carrying on exclusively private banking business as well as banks offering private banking services as part of their conventional banking services. This guideline supersedes the guidelines for banks licensed to carry on private banking business introduced in February 2017. The consultation is open until September 15, 2021.
- Notification on Draft Guideline on Use of Cloud Services
- Draft Guideline on Use of Cloud Services (PDF)
- Notification on Draft Guideline for Private Banking Business
- Draft Guideline for Private Banking Business (PDF)
Comment Due Date: September 08, 2021 (Cloud Guideline)/September 15, 2021 (Private Banking Business Guideline)
Keywords: Middle East and Africa, Mauritius, Banking, Cloud Service Providers, Cloud Computing, Governance, Private Banking, Banking Act, Reporting, Regtech, BOM
Previous ArticleBDF Updates IT Specifications for AnaCredit Reporting
The Office of the Superintendent of Financial Institutions (OSFI) published an update on the discussion paper that intended to engage federally regulated financial institutions and other interested stakeholders in a dialog with OSFI, to proactively enhance and align assurance expectations over key regulatory returns.
The European Commission (EC) published a report summarizing responses to the targeted consultation on the supervisory convergence and the single rulebook in the European Union (EU).
The European Central Bank (ECB) published its opinion on a proposal for a regulation on European green bonds, following a request from the European Parliament.
The Advisory Scientific Committee (ASC) of the European Systemic Risk Board (ESRB) published a report that explores the expected impact of digitalization on provision of financial and banking services, and proposes policy measures to address the risks stemming from digitalization.
The Hong Kong Monetary Authority (HKMA) is consulting on the draft Financial Institutions (Resolution) Ordinance (Cap. 628), or FIRO, Code of Practice chapter on liquidity and funding in resolution, until March 14, 2022.
The Swedish Financial Supervisory Authority (FI) announced that the capital adequacy reporting as at December 31, 2021 must be done by February 11, 2022.
The European Banking Authority (EBA) announced that the guidelines on the reporting and disclosure of exposures subject to measures COVID-relief measures shall continue to apply until further notice.
The Central Bank of the Philippines (BSP) issued communications covering developments related to online lending platforms, open finance framework and roadmap, and on the expected regulations in the area sustainable finance.
The Board of Governors of the Federal Reserve System (FED) published the final rule that amends Regulation I to reduce the quarterly reporting burden for member banks by automating the application process for adjusting their subscriptions to the Federal Reserve Bank capital stock, except in the context of mergers.
The European Banking Authority (EBA) published its assessment of risks through the quarterly Risk Dashboard and the results of the Autumn edition of the Risk Assessment Questionnaire (RAQ).