APRA Updates Guidance on Cloud Computing Services
APRA released updated guidance, in the form of an Information Paper, on the use of shared computing services, such as cloud, by APRA-regulated entities. The new paper acknowledges that advancements in cloud computing service offerings over the past three years have improved the ability of APRA-regulated entities to manage the risks involved. However, it also emphasizes the need for entities to be mindful of the differing levels of responsibility for operating and managing these arrangements.
This Information Paper is relevant for a broad audience including boards, senior management, risk management, technical specialists, and internal audit. APRA has a number of existing prudential standards and practice guides that are pertinent to cloud computing services. These Prudential Standards and Prudential Practice Guides include CPS 231 Outsourcing; SPS 231 Outsourcing; HPS231 Outsourcing; PPG 231 Outsourcing; SPG 231 Outsourcing; CPS 232 Business Continuity Management; SPS 232 Business Continuity Management; CPG 233 Pandemic Planning; (draft) CPS 234 Information Security, CPG 234 Management of Security Risk in Information and Information Technology; and CPG 235 Managing Data Risk. This Information Paper applies the concepts included in these standards and guides and APRA intends to reflect the principles in this paper in future guidance updates. For the purpose of this paper, APRA has classified these risks into three broad categories: low, heightened, and extreme.
- For arrangements with low inherent risk not involving offshoring, APRA would not expect an APRA-regulated entity to consult with APRA prior to entering into the arrangement.
- For arrangements with heightened risk, APRA would expect to be consulted after the APRA-regulated entity’s internal governance process is completed.
- For arrangements involving extreme inherent risk, APRA encourages earlier engagement as these arrangements will be subjected to a higher level of scrutiny.
The new Information Paper updates information on prudential considerations and key principles issued to APRA-regulated entities in July 2015. It has been developed in response to the growing use of the cloud by APRA-regulated entities for higher inherent risk activities and in response to the observed areas of weakness in how entities approach and manage these risks. APRA-regulated entities should note that while this information paper does not constitute formal regulation, APRA intends to incorporate the better practices described in the paper into prudential standards and practice guides in the future. Any such changes will be subject to APRA’s normal processes of consultation.
Related Links
Keywords: Asia Pacific, Australia, Banking, Fintech, Cloud Computing, Guidance, APRA
Previous Article
EBA Launches the 2018 Data Transparency Exercise for EURelated Articles
|
News
FSI Paper Examines Use of Suptech Initiatives by Financial AuthoritiesThe Financial Stability Institute (FSI) of BIS published a paper that examines the suptech developments by analyzing suptech initiatives of 39 financial authorities globally.
October 17, 2019
WebPage
Regulatory News
|
|
News
US Agencies Consult on Policy Statement on Allowance for Credit LossesUS Agencies (FDIC, FED, NCUA, and OCC) are consulting on the policy statement on allowances for credit losses and on the guidance on credit risk review systems.
October 17, 2019
WebPage
Regulatory News
|
|
News
PRA Consults on Approach to Supervising Liquidity and Funding RisksIn consultation paper (CP27/19), PRA published a proposal (CP27/19) to update the supervisory statement SS24/15 on the PRA approach to supervising liquidity and funding risk.
October 17, 2019
WebPage
Regulatory News
|
|
News
FSB Report Examines Implementation and Impact of G20 Financial ReformsFSB published fifth annual report on the implementation and effects of the G20 financial regulatory reforms.
October 16, 2019
WebPage
Regulatory News
|
|
News
EBA Launches Consultation on Comprehensive Pillar 3 DisclosuresEBA proposed the new comprehensive implementing technical standard (ITS) for public disclosures by financial institutions.
October 16, 2019
WebPage
Regulatory News
|
|
News
EBA Consults on Revised Technical Standards on Supervisory ReportingEBA launched a consultation on the revised implementing technical standards, or ITS, on supervisory reporting.
October 16, 2019
WebPage
Regulatory News
|
|
News
BoE and FCA Examine Use of Machine Learning in Financial Sector in UKBoE and FCA published a report on the results of a joint survey by BoE and FCA in 2019 to better understand the use of machine learning in the financial services sector in UK.
October 16, 2019
WebPage
Regulatory News
|
|
News
BCBS Report Examines Progress on Adoption of Basel FrameworkBCBS published the seventeenth progress report on adoption of Basel regulatory framework.
October 16, 2019
WebPage
Regulatory News
|
|
News
APRA Proposes Measures to Strengthen Capital for Bank DepositorsAPRA proposed changes to APS 111, which is the prudential standard on measuring capital adequacy and establishes the criteria for regulatory capital requirements of authorized deposit-taking institutions.
October 15, 2019
WebPage
Regulatory News
|
|
News
EIOPA Consults on Technical Advice for the 2020 Review of Solvency IIEIOPA is consulting on an opinion that sets out technical advice for the 2020 review of Solvency II.
October 15, 2019
WebPage
Regulatory News
|
