Guidelines on Outsourcing to Cloud Service Providers – EBF responds to ESMA consultation
BRUSSELS, 1 September 2020 – The European Banking Federation has responded to the European Securities and Markets Authority (ESMA) consultation on Guidelines on Outsourcing to Cloud Service Providers and has called for a strong alignment of the ESMA guidelines with the existing guidelines of the European Banking Authority (EBA) in order to prevent a disproportionate burden for financial institutions covered by both regimes.
Looking at the already published EBA Guidelines on outsourcing arrangements from 25 February 2019, European banks already face a dedicated set of requirements for outsourcing, including cloud computing services.
Implementation of the guidelines by the national competent authorities in European member states provides the framework for banks’ cloud adoption. The EBF considers it of utmost importance to provide banks with a consistent supervisory framework, avoiding diverging requirements across the EBA and ESMA guidelines.
There should be one single set of rules. To avoid an excessive unnecessary burden and disproportionate effects on dual regulated firms under both sets of guidelines, European banks encourage an explicit reference in the ESMA guidelines stating that banks which are compliant with the EBA requirements should also be considered compliant by the national competent authority in regard to the ESMA rules. The EBF invites ESMA to consider the respective example of a reference such as paragraph 4 in the introduction of the EIOPA guidelines on outsourcing to cloud service provides, as issued in February 2020.
The EBF welcomes ESMA’s understanding that the main risks associated with cloud outsourcing are similar across sectors. ESMA has considered the recent guidelines published by EBA and EIOPA. However, EBF has identified a number of details within the ESMA guidelines where presentation and/or details of the requirements in question deviate from the established EBA guidelines. EBF invites ESMA to reconsider the identified deviations and to stronger align with existing EBA requirements. Where considered helpful, further exploratory guidance – in turn required to be aligned with EBA guidelines – is suggested. Such alignment will prevent detrimental burdens for banks – in terms of time, work effort and respective costs – by enabling streamlined compliance with both EBA and ESMA supervisory framework. A fragmented approach will otherwise make it difficult for firms who are regulated by both the EBA and ESMA, ultimately impairing on the ability to adopt cloud banking at scale.
For more information:
Julian Schmücker, Policy Adviser Digital Innovation, email@example.com
For more about the EBF Cloud Banking Forum: