Cloud compliance: regulations as a ticket to the Cloud

Although there are still differing views on the use of the Cloud, according to CSO data, it is already used by 45 % of companies with more than 250 employees, which is 25 percentage points more than in 2014. At the same time, financial and payment institutions have to comply with over 250 regulatory guidelines, which makes it much more difficult for them to enter the cloud environment. Because we have a lot of experience with Cloud compliance, we know how to meet all the requirements.

IN THE JUNGLE AND THE FOREST OF REGULATIONS

The Czech National Bank, together with international institutions, forms the regulatory base for financial market supervision. In 2018 alone, it issued more than 30 laws, decrees and recommendations to which financial companies must respond.

From the jungle of all legal requirements associated with outsourcing and the cloud, let us mention only three: Decree no. 163/2014 Sb., the Official Communication of the CNB on the performance of activities on the financial market – cloud computing, the CNB communication on EBA’s general guidelines on outsourcing, etc.

Does that not seem like much to you? Beneath the inconspicuous “etc.” there is a huge number of other requirements, behind which one regulation is chained after another. We don’t want to scare anyone, but that’s not all.

KEY REGULATIONS

Decree no. 163/2014 Sb.

It defines the basic concepts associated with outsourcing and the necessary requirements that financial institutions must meet.

Official Communication of the CNB on the performance of activities on the financial market – cloud computing (19 August 2016)

It defines the concept of cloud computing and sets out the requirements that the CNB assesses for a financial services provider that has decided to outsource.

CNB communication on EBA general guidelines on outsourcing (30 September 2019)

It contains guidelines for the prudent use of outsourcing in the preparation, implementation and termination phases, and key elements of the management and control system.

HOW TO CUT A TRAIL AND BE CLOUD COMPLIANT

For financial institutions considering entering the cloud environment, regulators’ requirements are just the beginning. The hard part is finding answers to the dozens of questions associated with running your own operations.

How do you protect personal data in the cloud? How do you solve the problem of resolution strategy in the intragroup cloud? How do you create a real business case for Office 365? How do you correctly assess operational and ICT risks? How do you properly position operational and safety models relative to the provider?

You will not find the answers in the regulations of financial regulators. You need a partner who has experience with cloud compliance, with specific cloud projects for financial institutions across Europe. You need a compliance study from ORBIT.

2020: WHAT AWAITS BANKS?

The big drivers of the financial sector – EBA, CEBS, SRB, ECB – include the unification of the financial sector in their strategies. One of the big topics is the aforementioned resolution strategy, under which regulatory obligations are being unified through the Single Rule Book, the Bank Recovery and Resolution Directive (BRRD) and the Single Resolution Mechanism (SRM).

Another example is the newcomer, the EBA General Outsourcing Guidelines, which came into force on 30. 9. 2019 and which repeal the original regulations that had been binding for several years. National banks have found themselves in a situation where they may or may not adopt (or amend) these guidelines. How will the individual national institutions react to this? We are curious ourselves. Just to give you an idea – the “new EBA” has 2.5 times more pages than the original.

MANUAL FOR THE JOURNEY TO CLOUD

We have created a compliance study over the years based on our best practice in several major banks, within ERSTE Group, where we successfully implemented a project across seven European countries.

It is not a formal document guaranteeing only compliance with the legal requirements of regulators. The compliance study also takes into account internal guidelines and client needs. It includes, in particular, the solution architecture, a description of the operational model, security management, risk analysis, the contract basis and, last but not least, the financial balance sheet that quantifies cloud benefits.

We can advise you on how to deal with all these (and other) areas and create a functional and realistic compliance requirement. The result will be a supporting internal document that you can also use to notify the CNB of your intention to enter the cloud or as a basis for an audit.

 

CLOUD COMPLIANCE: WE KNOW HOW TO DO IT

We have verified that we know our way around the murky jungle of financial regulations and well-intentioned recommendations like few others. There is no regulation we don’t know about or can’t handle. We keep ourselves up to date by working with the best and sharing our know-how on the Compliance portal.

Compliance portal

Being compliant means meeting all the requirements imposed on financial institutions. The COMPLIANCE PORTAL is a practical guide to the tangle of regulations, rules and recommendations in a cluttered cloud world.

CLOUD COMPLIANCE DOESN’T HAVE TO BOTHER YOU ANYMORE.

TOGETHER WE WILL PREPARE A COMPLIANCE STUDY FOR YOUR COMPANY.
