BaFin published guidance on outsourcing to cloud service providers. This guidance, which represents a joint assessment by BaFin and the Deutsche Bundesbank, is addressed to credit institutions, financial services institutions, insurance undertakings, pension funds, investment services enterprises, capital management companies, payment institutions, and e-money institutions. The guidance does not establish any new requirements but instead reflects the current supervisory practice in outsourcing cases.
The guidance pursues the objective of creating, for the supervised entities, an awareness of the issues involved in dealing with cloud services and the related requirements of supervisory law. It draws attention to various aspects that the supervised entities should take into account when outsourcing to cloud service providers, for example, in the context of risk analysis and contractual terms. Over the past months, BaFin and Bundesbank have been in discussions with cloud service providers as well as with the supervised entities about plans for outsourcing to cloud service providers. Furthermore, at the EIOPA and the EBA levels, within the Single Supervisory Mechanism, as well as bilaterally between the national supervisory authorities, a constant exchange about how to deal with outsourcing to cloud service providers has emerged.
Keywords: Europe, Germany, Banking, Insurance, Securities, Cloud Outsourcing, Guidance, Cloud Computing, Operational Risk, Bundesbank, BaFin
Previous ArticleIASB Publishes Work Plan and Meeting Updates for June 2019
The Australian Prudential Regulation Authority (APRA) released an update on the timelines for revisions to the market risk prudential standards and the implications for the broader capital framework.
Three global standard-setters launched a joint consultation that reviews the margining practices during the COVID-19 pandemic and identifies potential areas for further policy work.
The Bank of England (BoE) published the Statistical Notice 2021/09 requiring additional information from firms and software vendors to assist in the onboarding and testing phases for migrating statistical reporting to the BEEDS portal.
The European Banking Authority (EBA) published the final draft regulatory technical standards on gross jump-to-default amounts and on residual risk add-on under the Capital Requirements Regulation or CRR.
The Financial Conduct Authority (FCA) published the final rules on the Investment Firms Prudential Regime (IFPR) to streamline and simplify the prudential requirements for solo-regulated UK firms authorized under the Markets in Financial Instruments Directive (MiFID).
The European Supervisory Authorities (ESAs) have delivered to the European Commission (EC) the final report on the draft regulatory technical standards for disclosures under the Sustainable Finance Disclosure Regulation (SFDR).
The European Banking Authority (EBA) published an advice to the European Commission (EC) on funding in resolution and insolvency as part of the review of the crisis management and deposit insurance (CMDI) framework.
The Financial Stability Oversight Council (FSOC) released a report in response to the U.S. President's Executive Order on climate-related financial risk.
The Bank for International Settlements (BIS) published a paper that examines the business models and the associated risks posed by big technology firms foraying into financial services sector.
The Bank for International Settlements (BIS) announced the development of an Asian Green Bond Fund, in collaboration with the development financing community, to channel global central bank reserves to green projects in Asia Pacific.