Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

Financial Regulations: How do they impact your cloud strategy?

Published : 4 years ago, on

By Michael Chalmers, MD EMEA at Contino

How exactly do financial regulations affect your cloud strategy? It’s a question many of our customers have been scratching their heads about. Some solutions are costly and over-complex – but by asking the right questions, the wrong solutions can be avoided.

Following the Financial Conduct Authority’s (FCA) 2020 review, it’s clear that highly regulated enterprises must work harder than ever to stay within various limits which protect customers during an economically strenuous pandemic. Below, I address three questions we’re hearing from customers about how to optimise the cloud whilst sticking to FCA regulations.

  1. What regulations must you consider before outsourcing to a cloud provider?

If you have an application or workload that you’re looking to put into the cloud, you will have various service levels that you’ve defined for that particular stack. When you’re looking at the cloud provider and asking yourself what services to use, you’ll need to consider how that aligns to your service levels. How do I architect it to make sure that it’s aligned and that it can tolerate failure?

At the very start of that journey, before you even start putting your workloads into the cloud, you need to set the standards that you will need to adhere to. The Shared Responsibility Model is a key asset in understanding where your responsibility lies.

There are a number of things that you need to make sure are in your contract with the cloud provider. Unless you specifically sign a contract addendum with them, you can’t guarantee that useful and knowledgeable assistance is included.

While the guidelines are very clear on a number of clauses that you need to put in your contract with the cloud provider, these regulations apply to outsourcing in general. Cloud providers are very mature, so they will come with pre-packed addendums to the standard contract they offer that are customised to comply with FCA regulations. However, if you start outsourcing IT functions in a different way, e.g. if you start using a Software-as-a-Service (SaaS) provider which is delivered using the cloud, the new provider will need to be vetted to make sure that you have the right clauses in your contract with them. While cloud providers are very mature on this, most SaaS tools are not.

  1. How can you control or restrict where data in the cloud moves?

When it comes to data security, there are various options available on Amazon Web Services (AWS). For example, you can securely lock particular regions into an account on AWS. It’s also worth looking at your account structure policy. If you have accounts where data can’t reside outside the EU, you can put the workloads into that bundle and you can lock it down at policy level. There is an element of trust with the provider here as well.

While AWS offers prescribed controls to block certain regions, other cloud providers have different strategies. In the case of Google Cloud (GCP), you can specify service controls so that, even for managed services such as Big Query, you can lock your data in not just one region, but within your virtual private cloud. In other words, not only can you block specific regions or allow specific regions, you can specify that only things within a region can assess data within a region as a general policy.

  1. What does the regulator need to see to approve your exit strategy?

In terms of documentation, it’s not a case of “show me your policies and test plan” but rather “show me how you exercise it”.

Most of the time it’s a months-long process and it comes down to personal relationships: you build trust over time with the regulator as you build your exit plan. You should be able to discuss what else they would like to see in there.  While there used to be a template for an exit plan in the European Banking Authority (EBA) regulations in a previous version, this has since been removed.

Regulators don’t tend to look at test reports. However, they do post a lot of information on audit reports and auditors. These auditors are there to check you’re doing what you say you’re doing. At the end of the day you are responsible for demonstrating your exit plan – it has to be coherent, consistent and compelling.

Final Thoughts

The truth is, most of the time, regulators are just trying to encourage you to do what works. That being said, sometimes their outlook doesn’t quite match with your view, or sometimes there’s an artificial difference that can be smoothed over or finessed. Occasionally you have to remember that we had 2008. What if in 2020 we have a massive AWS outage?

Multi-cloud is a natural strategy. There’s a number of high-level, cloud-native services that can be leveraged to simplify the implementation of multi-cloud in large financial institutions. Adhering to the multitude of guidelines can be complex and time-consuming, but forging the right path through the regulations will ensure that your multi-cloud is optimised to provide the most streamlined and efficient service possible to your business.

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post