EBF advisor: Noemi Papp
Publication date: 19 August 2017
In the official response the following was highlighted:
- EBF supports the additional guidance to the existing CEBS Guidelines.
- However, the draft recommendations remain too high-level and could leave room to multiple interpretations at national level.
- We are additionally concerned that the draft EBA recommendations, as they currently stand, may not be sufficient to have a positive impact on cloud adoption within financial services in Europe.
- EBA’s objective should be to reach a point where notification on a case-by-case basis is not required at either EU or national level.
- It is important to continuously assess and update the EU outsourcing regulation to ensure it is adapted to the technology-enabled world.
- Cloud Service Providers should be certified based on recognised international standards.
- The development of high-level principles by the industry should be favoured.
- Further consideration should be given to the GDPR to be implemented by May 2018.
- The EBA recommendations should explicitly mention the underlying risk driver.