The FCA has just released updated guidance on the use of Cloud based IT services and states that “We see no fundamental reason why cloud services (including public cloud services) cannot be implemented”.
This new guidance has been issued following an industry-wide consultation where it noted that some Financial Services still expressing doubts in terms of FCA compliance using Cloud. “Stakeholders, including firms and cloud service providers, have told us they are unsure about how we apply our rules relating to outsourcing to the cloud. Through roundtable discussions and other interactions with firms and cloud service providers, we understand that this uncertainty may be acting as a barrier to firms using the cloud.”
Furthermore, the FCA has recognized that Cloud adoption can bring considerable benefits “Using the cloud can provide more flexibility to the service that firms receive, enabling
Innovation ….this market continues to evolve rapidly, with frequent new offerings and innovative ways of delivering these services. Using third-party providers, including cloud providers, may bring benefits to firms such as cost efficiencies, increased security, and more flexible infrastructure capacity.”
While many Financial Services organisations have taken advantage of the flexibility that Cloud services offer, including the FCA themselves [link to news on fca and Xactium], some have been slow to adopt it. Concerns over data security have often been stated as the key reason, although, conversely many now believe that using a cloud services can be both more secure and resilient than using some traditional premise servers. In its new guidance the FCA acknowledges that firms should "agree a data residency policy with the provider upon commencing a relationship with them, which sets out the jurisdictions in which the firm’s data can be stored, processed and managed".
In addition: "Considerations should include the wider political and security stability of the jurisdiction; the law in force in the jurisdiction in question (including data protection); and the international obligations of the jurisdiction."
This new affirmation comes after announcements in 2015 where the FCA commented that cloud computing has the potential to “facilitate entry and/or expansion, and increase the ability of financial services providers, overall, to renew their IT systems in a more efficient manner". Other benefits of cloud computing include greater visibility and control.
Click here to view the new guidance.