ESMA published a consultation paper on guidelines on outsourcing to cloud service providers. The consultation is open until September 01, 2020 and seeks feedback from both national competent authorities and financial market participants that use cloud services provided by third parties. The consultation is also important for cloud service providers, as the draft guidelines aim to ensure that potential risks firms may face from the use of cloud services are properly addressed. ESMA aims to publish the final report on the guidelines by the first quarter of 2021.
The proposed guidelines are consistent with the EBA recommendations on outsourcing to cloud service providers, which were subsequently incorporated into the revised EBA guidelines on outsourcing arrangements in February 2019, and the EIOPA guidelines on cloud outsourcing that were published in February 2020. The guidelines cover the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers. They are intended to help firms and competent authorities identify, address, and monitor the risks and challenges that arise from cloud outsourcing arrangements—from making the decision to outsource, selecting a cloud service provider, and monitoring outsourced activities to providing for exit strategies. The proposed guidelines set out the:
- Governance, documentation, oversight, and monitoring mechanisms that firms should have in place
- Assessment and due diligence that should be undertaken prior to outsourcing
- Minimum elements that outsourcing and sub-outsourcing agreements should include
- Exit strategies and the access and audit rights that should to be catered for
- Notification to competent authorities
- Supervision by competent authorities
Comment Due Date: September 01, 2020
Keywords: Europe, EU, Banking, Insurance, Securities, PMI, Cloud Computing, Third Party Arrangements, Outsourcing Arrangements, ESMA
Leading economist; commercial real estate; performance forecasting, econometric infrastructure; data modeling; credit risk modeling; portfolio assessment; custom commercial real estate analysis; thought leader.
PRA published the policy statement PS8/21, which contains the final supervisory statement SS3/21 on the PRA approach to supervision of the new and growing non-systemic banks in UK.
EBA published a report that sets out the final draft regulatory technical standards specifying the conditions according to which consolidation shall be carried out in line with Article 18 of the Capital Requirements Regulation (CRR).
EBA updated the list of other systemically important institutions (O-SIIs) in EU.
BCBS published two reports that discuss transmission channels of climate-related risks to the banking system and the measurement methodologies of climate-related financial risks.
UK Authorities (FCA and PRA) welcomed the findings of FSB peer review on the implementation of financial sector remuneration reforms in the UK.
PRA and FCA jointly issued a letter that highlights risks associated with the increasing volumes of deposits that are placed with banks and building societies via deposit aggregators and how to mitigate these risks.
MFSA announced that amendments to the Banking Act, Subsidiary Legislation, and Banking Rules will be issued in the coming months, to transpose the Capital Requirements Directive (CRD5) into the national regulatory framework.
EC finalized the Delegated Regulation 2021/598 that supplements the Capital Requirements Regulation (CRR or 575/2013) and lays out the regulatory technical standards for assigning risk-weights to specialized lending exposures.
OSFI launched a consultation to explore ways to enhance the OSFI assurance over capital, leverage, and liquidity returns for banks and insurers, given the increasing complexity arising from the evolving regulatory reporting framework due to IFRS 17 (Insurance Contracts) standard and Basel III reforms.
ECB published results of the benchmarking analysis of the recovery plan cycle for 2019.