SARB issued a directive (D3/2018) and guidance notes (G5/2018) on cloud computing and the offshoring of data by banks. The directive is applicable to all banks, controlling companies, branches of foreign institutions and auditors of banks or controlling companies. The directive will be effective from October 01, 2018.
The Prudential Authority of the country expects banks to follow a risk-based approach that is aligned with their risk appetite, based on the nature and size of operations, when implementing cloud computing and offshoring the data. The directive specifies that bank must have in place a formally defined and board approved data strategy and data governance framework. Banks must ensure that their risk and control frameworks, including their application, are designed and operative effectively to manage risks associated with the use of cloud computing and/or the offshoring of data. Banks that use cloud computing and/or offshore their data must ensure that they remain compliant with applicable legislation and regulations, both locally and in the country where cloud services and/or data are hosted.
Effective Date: October 01, 2018
Keywords: South Africa, Banking, Fintech, Cloud Computing, Data Offshoring, Data Governance, SARB
Previous ArticleBDF Publishes Supporting Documents for AnaCredit Reporting
FSB confirmed the Regulatory Oversight Committee (ROC) of the Global Legal Entity Identifier System (GLEIS) as the International Governance Body for the globally harmonized identifiers used to track over-the-counter (OTC) derivatives transactions, with effect from October 01, 2020.
FCA is consulting on its approach to the authorization and supervision of international firms operating in UK.
EBA launched the seventh annual transparency exercise for banks in EU.
The EBA Single Rulebook question and answer (Q&A) tool updates for this month include answers to 32 questions.
MAS published amendments to the Notice 652 on net stable funding ratio (NSFR), along with the related reporting template.
EC published the action plan to enhance the Capital Markets Union in EU over the coming years.
EC adopted a package that includes the digital finance and retail payments strategies and the legislative proposals for regulatory frameworks on crypto-assets and digital operational resilience.
ECB published an opinion (CON/2020/22) on proposals for regulations amending the securitization framework of EU, in response to the COVID-19 pandemic.
APRA updated the lists of the Direct to APRA (D2A) validation and derivation rules for authorized deposit-taking institutions, insurers, and superannuation entities.
MAS published amendments to Notice 637 on the risk-based capital adequacy requirements for reporting banks incorporated in Singapore.