ESMA Sets Out Guidance on Cloud Outsourcing
- New guidelines to help firms and authorities identify risks related to cloud outsourcing arrangements
The European Securities and Markets Authority (ESMA ESMA European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t Read this Term), has published a consultation paper on guidelines on outsourcing to Cloud Cloud The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc Read this Term service providers, the securities markets regulator announced today.
According to the announcement, the guidelines’ purpose is to provide guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers.
They aim specifically to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements.
“Cloud outsourcing can bring benefits to firms and their customers, for example reduced costs and enhanced operational efficiency and flexibility. It also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security,” Steven Maijoor, Chair, said.
“Financial markets participants should be careful that they do not become overly reliant on their cloud services providers.. They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary,” he added.
Maijoor pointed out that today’s proposals will help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.
Guidelines
The proposed guidelines set out the governance, documentation, oversight and monitoring mechanisms that firms should have in place and the assessment and due diligence which should be undertaken prior to outsourcing.
They also include guidance on the minimum elements that outsourcing and sub-outsourcing agreements should include and the exit strategies and the access and audit rights that should to be catered for.
Additionally, the guidelines set out the notification to competent authorities and the supervision by competent authorities.
ESMA said that the proposed guidelines are consistent with the recommendations on outsourcing to cloud service providers published by the European Banking Authority (EBA) in February 2017 and subsequently incorporated into revised EBA guidelines on outsourcing arrangements in February 2019, and the guidelines on cloud outsourcing published by the European Insurance and Occupational Pensions Authority (EIOPA) in February 2020.
The consultation is open until 1 September 2020.
The European Securities and Markets Authority (ESMA ESMA European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t European Securities and Markets Authority (ESMA) is an independent Authority of the European Union that is responsible for the safety, security, and stability of the European Unions’ financial system and is charged with protecting the public. The European supervisory authority for the securities sector, ESMA was established on 1 January 2011. The European Securities and Markets Authority is an independent EU authority based in Paris. It aims to contribute to the effectiveness and stability of t Read this Term), has published a consultation paper on guidelines on outsourcing to Cloud Cloud The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc The cloud or cloud computing helps provides data and applications that can be accessed from nearly any location in the world so long as a stable Internet connection exists. Categorized into three cloud services, cloud computing is segmented into Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). In terms of trading, the versatility of the cloud service allows retail traders the ability to test out new trading strategies, backtest pre-existing conc Read this Term service providers, the securities markets regulator announced today.
According to the announcement, the guidelines’ purpose is to provide guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers.
They aim specifically to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements.
“Cloud outsourcing can bring benefits to firms and their customers, for example reduced costs and enhanced operational efficiency and flexibility. It also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security,” Steven Maijoor, Chair, said.
“Financial markets participants should be careful that they do not become overly reliant on their cloud services providers.. They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary,” he added.
Maijoor pointed out that today’s proposals will help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.
Guidelines
The proposed guidelines set out the governance, documentation, oversight and monitoring mechanisms that firms should have in place and the assessment and due diligence which should be undertaken prior to outsourcing.
They also include guidance on the minimum elements that outsourcing and sub-outsourcing agreements should include and the exit strategies and the access and audit rights that should to be catered for.
Additionally, the guidelines set out the notification to competent authorities and the supervision by competent authorities.
ESMA said that the proposed guidelines are consistent with the recommendations on outsourcing to cloud service providers published by the European Banking Authority (EBA) in February 2017 and subsequently incorporated into revised EBA guidelines on outsourcing arrangements in February 2019, and the guidelines on cloud outsourcing published by the European Insurance and Occupational Pensions Authority (EIOPA) in February 2020.
The consultation is open until 1 September 2020.