Cloud compliance | ORBIT

Cloud compliance: regulation and regulation as a ticket to the Cloud

Although there are still differing opinions on the use of the Cloud, according to CSO data, 45 % companies with more than 250 employees are already using it, which is 25 percentage points more than in 2014. Financial and payment institutions have to comply with more than 250 regulatory guidelines, which makes it more difficult for them to enter the Cloud environment. Because we have a lot of experience with cloud compliance, we know how to meet all the requirements.

Cloud Compliance | ORBIT

JUNGLE AND FOREST REGULATIONS

The Czech National Bank, together with international institutions, forms the regulatory base for financial market supervision. In 2018 alone, it issued more than 30 laws, decrees and recommendationsto which financial companies must respond.

From the jungle of all legal requirements related to outsourcing and cloud computing, let's mention just three: Decree No. 163/2014 Coll., Official CNB notice on the performance of activities on the financial market - cloud computing, Communication from the CNB on the EBA's general guidelines on outsourcing etc.

Doesn't that seem like enough? Under the subtle "etc." there's a huge number of other requirements, with one regulation after another. We don't want to scare anyone, but that's not all.

KEY REGULATIONS

Decree No. 163/2014 Coll.

It defines the basic concepts associated with outsourcing and the necessary requirements that financial institutions must meet.

Official CNB announcement on the performance of activities on the financial market - cloud computing (19 August 2016)

It defines the concept of cloud computing and defines the requirements that the CNB assesses for a financial services provider that has decided to outsource.

Communication from the CNB on the EBA's general guidelines on outsourcing (30 September 2019)

It contains guidelines for the prudent use of outsourcing in the preparation, implementation and completion phases and key elements of the management and control system.
Decree No. 163/2014 Coll.

It defines the basic concepts associated with outsourcing and the necessary requirements that financial institutions must meet.

Official CNB announcement on the performance of activities on the financial market - cloud computing (19 August 2016)

It defines the concept of cloud computing and defines the requirements that the CNB assesses for a financial services provider that has decided to outsource.

Communication from the CNB on the EBA's general guidelines on outsourcing (30 September 2019)

It contains guidelines for the prudent use of outsourcing in the preparation, implementation and completion phases and key elements of the management and control system.

HOW TO BLAZE A TRAIL AND BE CLOUD COMPLIANT

For financial institutions considering entering the cloud, the requirements of regulators are just the beginning. The hard part is find answers to dozens of questions related to your own operation:

How do you protect personal data in the cloud? How do you resolve the issue of resolution strategy in intragroup cloud? How do you build a real business case for Office 365? How do you properly assess operational and ICT risks? How do you build the right operational and security models relative to the provider?

The answers are not to be found in the regulations of the financial regulators. You need a partner who has experience in cloud compliance, with specific cloud projects for financial institutions across Europe. You need Compliance study by ORBIT.

2020: WHAT LIES AHEAD FOR BANKS?

The big movers of the financial sector - EBA, CEBS, SRB, ECB - include financial sector unification in their strategies. One of the big themes is the aforementioned resolution strategy, which involves unification of regulatory obligations through the Single Rule Book, the BRRD (Bank Recovery and Resolution Directive) and the SRM (Single Resolution Mechanism).

Another example is the newly arrived EBA - General guidance on outsourcingwhich entered into force on 30 September 2019 and which repeals the original regulations that were binding for several years. National banks are in a situation where they may or may not adopt (or amend) these guidelines. How will the national institutions deal with this? We are curious ourselves. Just to give you an idea - the "new EBA" has 2.5 times more pages than the original.

MANUAL TO THE CLOUD

The compliance study was developed over several years based on our best-practice at several major banks, inter alia within the framework of ERSTE Groupwhere we successfully implemented a project across seven European countries.

It is not a formal document guaranteeing only compliance with the legal requirements of the regulators. A compliance study also takes into account internal guidelines and client needs. It includes in particular solution architecture, description of the operating model, security management, risk analysis, contracting basis and last but not least financial balance sheetthat quantifies cloud benefits.

We can advise you on how to tackle all of these areas (and more) and create a functional and realistic compliance requirement. The result will be a supporting internal document that you can also use to notify the CNB of your intention to enter the cloud or as a basis for an audit.

CLOUD COMPLIANCE: WE KNOW HOW TO DO IT

We have verified that in the shadows of the jungle of financial regulations and well-intentioned recommendations we know our way around like few. There is no rule that we don't know about that we can't handle. We keep ourselves in the loop by working with the best and we share our know-how on Compliance portal.

COMPLIANCE PORTAL

Being compliant means meeting all the requirements imposed on financial institutions. COMPLIANCE PORTAL is a practical guide to the tangle of regulations, rules and recommendations in a cluttered cloud world.

Cloud computing on Cloud Compliance Portal | ORBIT

VISIT THE PORTAL

CLOUD COMPLIANCE DOESN'T HAVE TO WORRY YOU ANYMORE.

WE WILL PREPARE TOGETHER FOR YOUR COMPANY COMPLIANCE STUDY.

LET'S MAKE AN APPOINTMENT

ALL NEWS

Similar Posts