The Bank of Mauritius (BoM) has proposed guidelines on the private banking business and on the general principles for use of cloud services. The proposed cloud services guideline lays down the minimum requirements that shall be applicable to the use of cloud services provided by third parties for material services; where specified in the guideline, these minimum requirements shall also apply to services that involve customer information. The draft guideline applies to all cloud-based arrangements entered into by any financial institution licensed by BoM under the Banking Act 2004. The consultation is open until September 08, 2021.
The draft guideline on the use of cloud services provides the necessary guidance to financial institutions engaging in the use of cloud services such that the risks are appropriately identified and managed. The draft guideline on use of cloud services highlights that financial institutions are expected to follow a risk-based approach in respect of cloud services. The level of governance to be applied, the information security requirements, the types of controls to be deployed, and the level of the initial and ongoing due diligence and assurance to be performed shall be commensurate with the criticality of the services. Financial institutions will also comply with the guideline on outsourcing by financial institutions in the event an outsourced activity avails of the use of cloud services. According to the draft guideline, financial institutions shall submit to BoM a return on use of cloud-based services/activities, containing a list of all material and non-material cloud-based services/activities in the form and manner prescribed by BoM on an annual basis. The annual return should be submitted within the next twenty working days of the previous calendar year. In the event of any change, the amended return shall be submitted within a week following the change. Financial institutions shall report promptly to BoM any incident including unauthorized access or breach of confidentiality and security, directly or indirectly, by a cloud service provider and the action/s it proposes to take in consequence. A transitional period of six months shall be granted to all financial institutions to ensure compliance with the requirements of the guideline.
In addition, BoM launched a public consultation on another draft guideline, which sets out the regulatory and supervisory framework applicable to banks conducting private banking business. This guideline specifies additional requirements to, or exemptions from, the rules applicable to conventional banking. It sets out the terms under which BoM is prepared to consider exemptions from the Banking Act 2004 under section 7(7D) of the Banking Act. This guideline applies to banks which are licensed under the Banking Act 2004 and which engage in private banking business. Section II of this guideline on exemptions applicable to banks licensed to carry on exclusively private banking business shall apply only to banks licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business. The other sections of the guideline apply to banks carrying on exclusively private banking business as well as banks offering private banking services as part of their conventional banking services. This guideline supersedes the guidelines for banks licensed to carry on private banking business introduced in February 2017. The consultation is open until September 15, 2021.
- Notification on Draft Guideline on Use of Cloud Services
- Draft Guideline on Use of Cloud Services (PDF)
- Notification on Draft Guideline for Private Banking Business
- Draft Guideline for Private Banking Business (PDF)
Comment Due Date: September 08, 2021 (Cloud Guideline)/September 15, 2021 (Private Banking Business Guideline)
Keywords: Middle East and Africa, Mauritius, Banking, Cloud Service Providers, Cloud Computing, Governance, Private Banking, Banking Act, Reporting, Regtech, BOM