ESMA consults on cloud outsourcing guidelines

The European Securities and Markets Authority (ESMA) published a consultation paper on guidelines on outsourcing to cloud service providers. The guidelines’ purpose is to provide guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers. In particular, they aim to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements.

Steven Maijoor, ESMA’s chair, said in a statement: “Financial markets participants should be careful that they do not become overly reliant on their cloud services providers. They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary. Today’s proposals will help firms understand and mitigate the risks that they are exposed to when outsourcing to cloud service providers.”

The proposed guidelines set out:

  • The governance, documentation, oversight and monitoring mechanisms that firms should have in place;\
  • The assessment and due diligence which should be undertaken prior to outsourcing;
  • The minimum elements that outsourcing and sub-outsourcing agreements should include;
  • The exit strategies and the access and audit rights that should be catered for;
  • The notification to competent authorities; and
  • The supervision by competent authorities.

Read the full guidelines

Related Posts

Previous Post
How institutional tokenization in Asia is shaping out mid-pandemic (Premium)
Next Post
BIS via ISDA: OTC derivatives notional down 12.8% from mid-year 2019 to end 2019

Fill out this field
Fill out this field
Please enter a valid email address.


Reset password

Create an account