The use of cloud services is growing at a fast pace in the financial sector with increasing digitalisation, data driven business models and data-intensive regulations. Private cloud provided on-premise is currently the dominant model in the financial sector, however the advantages of the cloud are usually associated mostly with mutualised public cloud services, which are still at an early stage of adoption, particularly for core activities.
Public cloud provides access to best-in hard & software through mutualisation, cost efficiency and flexibility, as well as automation and resiliency features. Cloud platforms also facilitate the processing of large quantities of data and the development and implementation of AI and DLT systems. However, reaping the full benefits of public cloud requires adapting legacy IT infrastructures, operating models and processes and addressing regulatory fragmentation issues. Other potential challenges stressed by regulators include legal extra-territoriality issues and an increase of third-party dependencies.
At present cloud is considered as a form of outsourcing by regulators. Specific guidance has been developed by the ESAs in order to help financial firms mitigate potential operational risks associated with cloud arrangements. Proposals have also been made by the Commission to develop a EU cloud rulebook in areas such as data protection, security, portability and foster the development of cloud infrastructures respecting these standards. Other measures currently being assessed include the possibility of supervising critical CSPs and establishing standard contractual clauses.
Contributions to the policy debate
Extracted from the main Eurofi publications (Regulatory Updates, Views Magazines and Conference Summaries)