Consultation on recommendations on outsourcing to cloud service providers
- Consultation
- 18 AUGUST 2017
- EBA/CP/2017/06
The European Banking Authority (EBA) launched today a consultation setting out its guidance for the use of cloud service providers by financial institutions. The EBA Recommendations intend to clarify the EU-wide supervisory expectations if institutions intend to adopt cloud computing, so as to allow them to leverage the benefits of using cloud services, while ensuring that any related risks are adequately identified and managed. The consultation runs until 18 August 2017.
The growing importance of cloud services as a driver of innovation and the increasing interest for the use of cloud outsourcing solutions within the banking industry have prompted the EBA to develop these Recommendations on its own initiative. This guidance, which builds on the existing Guidelines on outsourcing developed by the Committee of European Banking Supervisors (CEBS), provides additional clarity on cloud computing.
In particular, the Recommendations address five key areas: the security of data and systems, the location of data and data processing, access and audit rights, chain outsourcing, and contingency plans and exit strategies.
The Recommendations are addressed to credit institutions, investment firms and competent authorities. The EBA, in its follow-up work, will explore the possible applicability of the provisions laid down in these Recommendations to other types of regulated entities.
Consultation process
Comments to this consultation can be sent to the EBA by clicking on the "send your comments" button on the consultation page. Please note that the deadline for the submission of comments is 18 08 2017. A public hearing will take place at the EBA premises on 20 06 2017 from 10.30 to 12.30 UK time.
Legal basis
These Recommendations have been developed according to Article 16 of Regulation (EU) No 1093/2010 (“the EBA Regulation”), which mandates the EBA to issue guidelines and recommendations addressed to competent authorities, with a view to establishing consistent, efficient and effective supervisory practices and ensuring the common, uniform and consistent application of European Union law.
Responses
The form is now closed.
Received responses to the EBA
- 1. Microsoft
- 2. German Banking Industry Committee
- 3. Fédération bancaire française
- 4. Standard Chartered Bank
- 5. Verband der Auslandsbanken in Deutschland e.V. | Association of Foreign Banks in Germany
- 6. PayPal Europe
- 7. Association of Foreign Banks
- 8. Eurofinas
- 9. Dutch Banking Association (Nederlandse Vereniging van Banken)
- 10. Interessengemeinschaft Kreditkarten (The IK is a competition neutral platform without legal capacity for entities, which act in the credit and debit card business in Germany (Issuer, Acquirer, Network Service Providers, Processing Entities, Licensors), registered in the EU-Transparency Register under Ident-no. 209142612442-39)
- 11. Temenos
- 12. ESBG (European Savings and Retail Banking Group)
- 13. HyTrust
- 14. CISPE (Cloud Infrastructure Services Providers in Europe)
- 15. European Banking Federation
- 16. Finance Norway
- 17. Alternative Investment Management Association (AIMA)
- 18. Electronic Money Association
- 19. Finance Denmark
- 20. Cloud Security Alliance
- 21. European Association of Co-operative Banks
- 22. Banking & Payments Federation Ireland (BPFI)
- 23. SWIFT
- 24. Yorkshire Building Society Group
- 25. AFME
- 26. London Stock Exchange Group
- 27. Czech Banking Association
- 28. Deutsche Bank AG
- 29. Smart Payment Association
- 30. Deutsche Börse Group
- 31. Nasdaq
- 32. Division Bank and Insurance Austrian Federal Economic Chamber
- 33. bbva
- 34. Pinsent Masons
- 35. IBM
- 36. DXC Technology
- 37. Asociación Española de Banca (AEB)
Documents
Draft Recommendation on outsourcing to Cloud Service (EBA-CP-2017-06)
(259.61 KB - PDF) Last update 18 May 2017