ECB launches consultation on cloud outsourcing guidelines

Tuesday 4 June 2024 13:46 CET | News

The European Central Bank has launched a public consultation on its new guide concerning the outsourcing of cloud services to cloud service providers. 

 

According to the official announcement, the Guide aims to clarify both the ECB’s understanding of related legal requirements and its expectations for the banks it supervises. This will make supervision more consistent while helping ensure a level playing field for all banks. The Guide draws on risks and best practices observed by Joint Supervisory Teams in the context of ongoing supervision and dedicated on-site inspections. 


The public consultation on the Guide on outsourcing cloud services ends on 15 July 2024. The ECB will subsequently publish the comments received, together with a feedback statement and the final Guide. 

Supervisory expectations and best practices for banks 

Banks are increasingly adopting cloud computing services from third-party providers. These services offer potential advantages: they can be cheaper, more flexible, and more secure. However, relying on external providers also introduces risks. For example, if a bank is unable to quickly replace outsourced services during a failure, its operations may be disrupted. Moreover, the cloud service market is highly concentrated, with many banks depending on a few providers based outside of Europe. Therefore, the ECB considers it good practice for banks to explicitly take these risks into consideration.

During its 2023 Supervisory Review and Evaluation Process, the ECB identified various vulnerabilities in banks’ IT outsourcing arrangements. Therefore, third-party risk management, including cloud outsourcing, remains a high priority on the ECB’s supervisory agenda for 2024-2026. 

In an effort to enhance ICT-related risk management, EU legislators introduced the Digital Operational Resilience Act (DORA). The act highlights the need to proactively mitigate risks that could lead to the disruption of critical functions or services.

Legal acts such as DORA and the Capital Requirements Directive require banks to establish effective governance of risk stemming from outsourcing, as well as to build up frameworks for IT security and for cyber resilience. The Guide outlines the ECB’s understanding of these specific rules and how they apply to the banks it supervises.

Keywords: central bank, banks, banking, regulation, cloud services
Categories: Banking & Fintech
Companies: European Central Bank
Countries: Europe