Aggregated News From Investment Management Regulators

ESMA consults on cloud outsourcing guidelines

Report/Flag

Please complete the required fields.



The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, has today published a consultation paper on guidelines on outsourcing to cloud service providers.

The guidelines’ purpose is to provide guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers. In particular, they aim to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements.

Steven Maijoor, Chair, said:

“Cloud outsourcing can bring benefits to firms and their customers, for example reduced costs and enhanced operational efficiency and flexibility. It also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security.

“Financial markets participants should be careful that they do not become overly reliant on their cloud services providers.. They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary.”

“Today’s proposals will help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”

The proposed guidelines set out:

·       The governance, documentation, oversight and monitoring mechanisms that firms should have in place;

·       The assessment and due diligence which should be undertaken prior to outsourcing;

·       The minimum elements that outsourcing and sub-outsourcing agreements should include;

·       The exit strategies and the access and audit rights that should to be catered for;

·       The notification to competent authorities; and

·       The supervision by competent authorities.

The proposed guidelines are consistent with the recommendations on outsourcing to cloud service providers published by the European Banking Authority (EBA) in February 2017 and subsequently incorporated into revised EBA guidelines on outsourcing arrangements in February 2019, and the guidelines on cloud outsourcing published by the European Insurance and Occupational Pensions Authority (EIOPA) in February 2020.

Next steps

The consultation is open until 1 September and seeks feedback from both national competent authorities and financial market participants that use cloud services provided by third parties. The consultation is also important for cloud service providers, as the draft guidelines aim to ensure that potential risks firms may face from the use of cloud services are properly addressed. ESMA aims to publish the Final Report on the Guidelines by Q1 2021.

Source link

Regulator Information

Abbreviation: ESMA
Jurisdiction: ESMA

Recent Articles

Retail investors have grown in number, are younger and increasingly use neo-brokers since the Covid crisis

After an initial analysis of the behaviour of retail investors on the stock market conducted in April 2020 during the first lockdown, the Autorité des Marchés Financiers has confirmed the renewed in

The AMF announces two appointments to the Regulatory Policy and International Affairs Directorate (DRAI)

Kheira Benhami has been appointed Chief Economist and Director of the Analysis, Financial Stability and Risks Division at the DRAI as of 2 November, while Ianja Ramananarivo was appointed Head of th

Aclassbank / Bellerophon Group Ltd

Attention! The FMA warns investors against concluding transactions with: Aclassbank / Bellerophon Group Ltd with its registered address apparently in Mauritius and St. Vincent and Grenadines Web: www.aclassbank.com E-Mail:...

Get the latest from Regulatory.News in your inbox!

×