The third European Supervisory Authority has issued guidelines on outsourcing and, in ESMA's case, cloud service providers when outsourcing.
This is a busy time for Technology and Compliance teams at financial insitutions, as well as FinTech suppliers, as they grapple with the myriad of new regulations and guidelines being issued on this subject and on the broader concept of Operational Resilience.
The situation is further compounded during the current crisis when financial regulators are also asking to see financial institutions' BCPs.
Let's hope the fast pace of demand for innovation is not slowed down as a result.
The guidelines’ purpose is to provide guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers. In particular, they aim to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements.
Steven Maijoor, Chair, said:
“Cloud outsourcing can bring benefits to firms and their customers, for example reduced costs and enhanced operational efficiency and flexibility. It also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security.
“Financial markets participants should be careful that they do not become overly reliant on their cloud services providers..