From the Regulators

The guidance tackles key aspects of outsourcing to the cloud, including data and systems security, the location of data and data processing, access and audit rights, outsourcing, contingency plans and exit strategies

By James Langton |


The European Banking Authority (EBA) issued new final guidance that aims to clarify supervisory expectations for financial services firms that utilize cloud-computing services and outsource these services to external providers.

The EBA says that the guidance is intended to allow financial services firms — including banks, investment firms and regulators — to "leverage the benefits of using cloud services, while ensuring that any related risks are adequately identified and managed."

The guidance, which takes effect July 1, 2018, aims to address several key aspects of outsourcing to the cloud, including data and systems security, the location of data and data processing, access and audit rights, outsourcing, contingency plans and exit strategies.

"The growing importance of cloud services as a driver of innovation and the increasing interest for the use of cloud outsourcing solutions within the banking industry have prompted the EBA to develop these recommendations," the EBA says.

Photo copyright: johan2011/123RF