The Bank of Mauritius (BoM) is proposed guidelines on the private banking business and on the general principles for use of cloud services. The proposed cloud services guideline lays down the minimum requirements that shall be applicable to the use of cloud services provided by third parties for material services; where specified in the guideline, these minimum requirements shall also apply to services that involve customer information. The draft guideline applies to all cloud-based arrangements entered by any financial institution licensed by BoM under the Banking Act 2004. The consultation is open until September 08, 2021.
The draft guideline on the use of cloud services provides the necessary guidance to financial institutions engaging in the use of cloud services such that the risks are appropriately identified and managed. The draft guideline on use of cloud services highlights that financial institutions are expected to follow a risk-based approach in respect of cloud services. The level of governance to be applied, the information security requirements, the types of controls to be deployed, and the level of the initial and ongoing due diligence and assurance to be performed shall be commensurate with the criticality of the services. Financial institutions will also be comply to the guideline on outsourcing by financial institutions in the event an outsourced activity avails of the use of cloud services. According to the draft guideline, financial institutions shall submit to BoM a return on use of cloud-based services/activities, containing a list of all material and non-material cloud-based services/activities in the form and manner prescribed by BoM on an annual basis. The annual return should be submitted within the next twenty working days of the previous calendar year. In the event of any change, the amended return shall be submitted within a week following the change. Financial institutions shall report promptly to BoM any incident including unauthorized access or breach of confidentiality and security, directly or indirectly, by a cloud service provider and the action/s it is proposed to take in consequence. A transitional period of six months shall be granted to all financial institutions to ensure compliance with the requirements of the guideline.
In addition, BoM launched a public consultation on another draft guideline, which sets out the regulatory and supervisory framework applicable to banks conducting private banking business. This guideline specifies additional requirements to, or exemptions from, the rules applicable to conventional banking. It sets out the terms under which BoM is prepared to consider exemptions from the Banking Act 2004 under section 7(7D) of the Banking Act. This guideline applies to banks which are licensed under the Banking Act 2004 and which engage in private banking business. Section II of this guideline on exemptions applicable to banks licensed to carry on exclusively private banking business shall apply only to banks licensed under section 7(5) of the Banking Act 2004 to carry on exclusively private banking business. The other sections of the guideline apply to banks carrying on exclusively private banking business as well as banks offering private banking services as part of their conventional banking services. This guideline supersedes the guidelines for banks licensed to carry on private banking business introduced in February 2017. The consultation is open until September 15, 2021.
- Notification on Draft Guideline on Use of Cloud Services
- Draft Guideline on Use of Cloud Services (PDF)
- Notification on Draft Guideline for Private Banking Business
- Draft Guideline for Private Banking Business (PDF)
Comment Due Date: September 08, 2021 (Cloud Guideline)/September 15, 2021 (Private Banking Business Guideline)
Keywords: Middle East and Africa, Mauritius, Banking, Cloud Service Providers, Cloud Computing, Governance, Private Banking, Banking Act, Reporting, Regtech, BOM
Scott is a Director in the Regulatory and Accounting Solutions team responsible for providing accounting expertise across solutions, products, and services offered by Moody’s Analytics in the US. He has over 15 years of experience leading auditing, consulting and accounting policy initiatives for financial institutions.
Previous ArticleBDF Updates IT Specifications for AnaCredit Reporting
Next ArticleBNM Revises Reference Rate Framework in Malaysia
The finalization of the two sustainability disclosure standards—IFRS S1 and IFRS S2—is expected to be a significant step forward in the harmonization of sustainability disclosures worldwide.
Decentralized finance (DeFi) is expected to increase in prominence, finding traction in use cases such as lending, trading, and investing, without the intermediation of traditional financial institutions.
The Basel Committee on Banking Supervision (BCBS) published reports that assessed the overall implementation of the net stable funding ratio (NSFR) and the large exposures rules in the U.S.
At the global level, supervisory efforts are increasingly focused on addressing climate risks via better quality data and innovative use of technologies such as generative artificial intelligence (AI) and blockchain.
The finalization of the IFRS sustainability disclosure standards in late June 2023 has brought to the forefront the themes of the harmonization of sustainability disclosures
The European Banking Authority (EBA) recently issued several regulatory publications impacting the banking sector.
The Basel Committee on Banking Supervision (BCBS) launched a consultation on revisions to the core principles for effective banking supervision, with the comment period ending on October 06, 2023.
The U.S. banking agencies (FDIC, FED, and OCC) recently proposed rules implementing the final Basel III reforms, also known as the Basel III Endgame.
The Financial Stability Board (FSB) recently published the second annual progress report on the July 2021 roadmap to address climate-related financial risks.
The recognition of climate change as a systemic risk to the global economy has further intensified regulatory and supervisory focus on monitoring of the environmental, social, and governance (ESG) risks.