The European Banking Authority (EBA) has drafted recommendations aiming to provide guidelines for institutions on cloud computing. They are addressed to, in specific, credit institutions, investment firms and public authorities.
With the intention on clarifying the EU-wide supervisory expectations the EBA has launched a consultation on this draft. The EBA asks the institutions to submit their comments to the draft by the 18th of August 2017 at the latest. Before this deadline there will be a public hearing at the EBA premises in the UK on the 20th of July 2017.
The recommendations are built on the general outsourcing guidelines of the Committee of European Bank Supervisors (CEBS) from 2006. Since this general outline the use of cloud computing in the banking industry has gained in popularity. These general guidelines will remain applicable for the general outsourcing by institutions, but the new recommendations will provide for additional guidelines in the specific context of institutions outsourcing to cloud service providers.
The rise in popularity of cloud computing is accompanied by a high level of uncertainty regarding the supervisory expectations that apply to outsourcing to cloud service providers. This constitutes a barrier to institutions using said services. The uncertainty sprouts from the differences in the national regulatory and supervisory frameworks as for example with regards to the information obligations applying to institutions towards competent authorities.
The recommendation addresses five key areas:
Learn more about how European financial institutions outsource to cloud service providers in our article on cloud computing and the EU financial services.
For more information about FinTech Law, cloud computing, GDPR, PSD2 etc please contact a time.lex lawyer. Edwin Jacobs is a founder of the FinTech Lawyers. A network of European lawyers who advise financial technology businesses in legal and regulatory matters, such as cloud computing.