BaFin published guidance on outsourcing to cloud service providers. This guidance, which represents a joint assessment by BaFin and the Deutsche Bundesbank, is addressed to credit institutions, financial services institutions, insurance undertakings, pension funds, investment services enterprises, capital management companies, payment institutions, and e-money institutions. The guidance does not establish any new requirements but instead reflects the current supervisory practice in outsourcing cases.
The guidance pursues the objective of creating, for the supervised entities, an awareness of the issues involved in dealing with cloud services and the related requirements of supervisory law. It draws attention to various aspects that the supervised entities should take into account when outsourcing to cloud service providers, for example, in the context of risk analysis and contractual terms. Over the past months, BaFin and Bundesbank have been in discussions with cloud service providers as well as with the supervised entities about plans for outsourcing to cloud service providers. Furthermore, at the EIOPA and the EBA levels, within the Single Supervisory Mechanism, as well as bilaterally between the national supervisory authorities, a constant exchange about how to deal with outsourcing to cloud service providers has emerged.
Keywords: Europe, Germany, Banking, Insurance, Securities, Cloud Outsourcing, Guidance, Cloud Computing, Operational Risk, Bundesbank, BaFin
Previous ArticleUN and Leading Banks Launch Principles for Responsible Banking
EBA issued a revised list of validation rules with respect to the implementing technical standards on supervisory reporting.
EBA published its response to the call for advice of EC on ways to strengthen the EU legal framework on anti-money laundering and countering the financing of terrorism (AML/CFT).
NGFS published a paper on the overview of environmental risk analysis by financial institutions and an occasional paper on the case studies on environmental risk analysis methodologies.
MAS published the guidelines on individual accountability and conduct at financial institutions.
APRA published final versions of the prudential standard APS 220 on credit quality and the reporting standard ARS 923.2 on repayment deferrals.
SRB published two articles, with one article discussing the framework in place to safeguard financial stability amid crisis and the other article outlining the path to a harmonized and predictable liquidation regime.
FSB hosted a virtual workshop as part of the consultation process for its evaluation of the too-big-to-fail reforms.
ECB updated the list of supervised entities in EU, with the number of significant supervised entities being 115.
OSFI published the key findings of a study on third-party risk management.
FSB is extending the implementation timeline, by one year, for the minimum haircut standards for non-centrally cleared securities financing transactions or SFTs.