Outsourcing can have huge advantages for financial firms, but the rules about how to get it right must be clear, which is why the EU’s securities markets regulator is now asking the industry players for advice.
The European Securities and Markets Authority (ESMA) has published a consultation paper on guidelines on outsourcing to cloud service providers. It said that the proposed guidelines are designed to provide guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers.
In particular, the new guidelines aim to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements.
“Cloud outsourcing can bring benefits to firms and their customers, for example reduced costs and enhanced operational efficiency and flexibility,” said Steven Maijoor, Chair at ESMA. “It also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security.
“Financial markets participants should be careful that they do not become overly reliant on their cloud services providers. They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary.”
“Today’s proposals will help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”
The proposed guidelines set include what due diligence should be made before outsourcing, what documentation should be needed, the monitoring required, the minimum elements that outsourcing and sub-outsourcing agreements should include, the exit strategies and the access and audit rights that should to be catered for, the notification to competent authorities, and the supervision by competent authorities.
The consultation is open until September 1 and seeks feedback from both national competent authorities and financial market participants that use cloud services provided by third parties.
Copyright © 2018 RegTech Analyst