Amid a rise in remote working due to Covid-19, the European Securities and Markets Authority (ESMA) launched a consultation on outsourcing to the cloud.
The proposals, which are out for comment until Sept. 1, aim to provide guidance to both industry firms and regulators about the risks and challenges arising from cloud outsourcing arrangements.
Notably, the paper highlights data security concerns and concentration risk, which could negatively affect financial stability.
Among other things, the proposed guidelines set out due diligence standards, minimum requirements for outsourcing agreements, security standards, governance and oversight measures.
“Cloud outsourcing can bring benefits to firms and their customers, for example reduced costs and enhanced operational efficiency and flexibility,” said Steven Maijoor, chair of the ESMA. “It also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security.”
“Financial markets participants should be careful that they do not become overly reliant on their cloud services providers,” Maijoor added.
“They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary,” he said.
The ESMA aims to issue final guidance by the first quarter of 2021.