EBA published final guidance on the use of cloud service providers by financial institutions. The guidance, which is applicable as of July 01, 2018, is addressed to credit institutions, investment firms, and competent authorities.
In its guidance, EBA offers recommendations that clarify the EU-wide supervisory expectations for institutions that intend to adopt cloud computing, allowing them to leverage the benefits of cloud services while ensuring that any related risks are adequately identified and managed. The guidance builds on the existing guidelines on outsourcing developed by the Committee of European Banking Supervisors (CEBS) and provides additional clarity on cloud computing. The EBA recommendations address five key areas: security of data and systems; location of data and data processing; access and audit rights; chain outsourcing; and contingency plans and exit strategies.
The recommendations have been developed according to Article 16 of Regulation (EU) No 1093/2010, which mandates EBA to issue guidelines and recommendations addressed to competent authorities, with a view to establishing consistent, efficient, and effective supervisory practices and ensuring the common, uniform, and consistent application of EU law. The principle of proportionality applies throughout the recommendations, which should be employed in a manner proportionate to the size, structure, and operational environment of the institution as well as the nature, scale, and complexity of its activities. The recommendations fit into the broader EBA work on fintech, as cloud computing is an important enabling technology leveraged by financial institutions to deliver innovative financial products and services. The growing importance of cloud services as a driver of innovation and the increasing interest in the use of cloud outsourcing solutions within the banking industry have prompted EBA to develop these recommendations on its own initiative.
Related Link: Press Release
Effective Date: July 01, 2018
Keywords: Europe, EU, Banking, Cloud Outsourcing, Cloud Computing, Proportionality, Fintech, EBA