Featured Product

    ESMA Publishes Guidelines on Outsourcing to Cloud Service Providers

    December 18, 2020

    ESMA published the final report on the guidelines for outsourcing to cloud service providers. The guidelines apply to competent authorities and various entities under the ESMA remit, including credit rating agencies, investment firms and credit institutions when they carry out investment services and activities, data reporting services providers, and market operators of trading venues. The guidelines apply from July 31, 2021 to all cloud outsourcing arrangements entered into, renewed, or amended on or after this date. In addition, ESMA announced recognition of Euroclear UK & Ireland Limited, a UK-established central securities depository (CSD) as a third-country CSD after Brexit transition on December 31, 2020. Yet another announcement involves registration of DTCC Data Repository (Ireland) PLC (by ESMA) as a trade repository under the European Market Infrastructure Regulation (EMIR) and the Securities Financing Transactions Regulation (SFTR), with effect from December 23, 2020.

    The guidelines are intended to help firms identify, address, and monitor the risks arising from cloud outsourcing arrangements. The guidelines are also intended to support a convergent approach to the supervision of cloud outsourcing arrangements across competent authorities in EU. The report incorporates feedback received during the consultation process for these draft guidelines (during June 03, 2020 to September 01, 2020) as well as the relevant outsourcing guidelines from EBA and EIOPA. While working on these guidelines, ESMA has been also mindful of the proposal for a Digital Operational Resilience regulation, which the EC published in September 2020. The guidelines in this report focus on:

    • Risk assessment and due diligence that firms should undertake with respect to the cloud service providers
    • Governance, organizational, and control frameworks that firms should put in place to monitor the performance of cloud service providers 
    • How to exit the cloud outsourcing arrangements without undue disruption to business
    • Contractual elements that a cloud outsourcing agreement should include
    • Information to be notified to competent authorities

    The guidelines apply from July 31, 2021 and firms should review and amend accordingly the existing cloud outsourcing arrangements with a view to ensuring that they take into account these guidelines by December 31, 2022. Where the review of cloud outsourcing arrangements of critical or important functions is not finalized December 31, 2022, firms should inform the respective competent authority about this, including the measures planned to complete the review or the possible exit strategy.

     

    Related Links

    Keywords: Europe, EU, Banking, Securities, Outsourcing, Cloud Computing, DTCC, Euroclear, ESMA

    Related Articles
    News

    FED Revises Capital Planning and Stress Testing Requirements for Banks

    FED finalized a rule that updates capital planning requirements to reflect the new framework from 2019 that sorts large banks into categories, with requirements that are tailored to the risks of each category.

    January 19, 2021 WebPage Regulatory News
    News

    ECB Releases Results of Bank Lending Survey for Fourth Quarter of 2020

    ECB published results of the quarterly lending survey conducted on 143 banks in the euro area.

    January 19, 2021 WebPage Regulatory News
    News

    ESAs Publish Reporting Templates for Financial Conglomerates

    ESAs published the final draft implementing technical standards on reporting of intra-group transactions and risk concentration of financial conglomerates subject to the supplementary supervision in EU.

    January 18, 2021 WebPage Regulatory News
    News

    EBA Publishes Report on Asset Encumbrance of Banks in EU

    EBA published the annual report on asset encumbrance of banks in EU.

    January 18, 2021 WebPage Regulatory News
    News

    MAS Revises Guidelines on Technology Risk Management

    MAS revised the guidelines that address technology and cyber risks of financial institutions, in an environment of growing use of cloud technologies, application programming interfaces, and rapid software development.

    January 18, 2021 WebPage Regulatory News
    News

    US Agencies Publish Updates for Call Reports, FFIEC 101, and FR Y-9C

    FED updated the reporting form and instructions for the FR Y-9C report on consolidated financial statements for holding companies.

    January 15, 2021 WebPage Regulatory News
    News

    EBA Proposes Guidelines for Establishing Intermediate Parent Entities

    EBA issued a consultation paper on the guidelines on monitoring of the threshold and other procedural aspects of the establishment of intermediate EU parent undertakings, or IPUs, as laid down in the Capital Requirements Directive.

    January 15, 2021 WebPage Regulatory News
    News

    EC Adopts Financial Reporting Changes Arising from Benchmark Reforms

    EC published Regulation 2021/25 that addresses amendments related to the financial reporting consequences of replacement of the existing interest rate benchmarks with alternative reference rates.

    January 14, 2021 WebPage Regulatory News
    News

    BIS Bulletin Examines Key Elements of Policy Response to Cyber Risk

    BIS published a bulletin, or a note, that examines the cyber threat landscape in the context of the pandemic and discusses policies to reduce risks to financial stability.

    January 14, 2021 WebPage Regulatory News
    News

    HMT Updates List of Post-Brexit Equivalence Decisions in UK

    HM Treasury, also known as HMT, has updated the table containing the list of the equivalence decisions that came into effect in UK at the end of the transition period of its withdrawal from EU.

    January 14, 2021 WebPage Regulatory News
    RESULTS 1 - 10 OF 6462