Financial institutions are transforming their business models and operations to compete in today’s digital world. A key aspect of this digital transformation is the transition from traditional mainframe IT services to cloud based solutions for financial institutions. Aside from compliance challenges under local laws, including over data privacy and security laws, cloud use by financial institutions often constitutes regulated outsourcing. Concern over the concentration of cloud service provision and the increasing systemic risk posed by such arrangements is leading governments and regulators to impose further regulation. Regulation will impose costs that cloud providers will inevitably seek to pass on to customers.
On the flip side, it may improve financial institutions’ ability to achieve more balanced outsourcing agreements that better reflect their own (and regulators’) requirements. The UK will introduce a critical third-party regime, and the EU under its Digital Operational Resilience Act (or DORA) will bring major outsourcers into scope. While US regulators have taken a more hands-off approach, many believe that direct regulatory oversight is not far off. Regulation will impose costs that cloud providers will inevitably seek to pass on to customers.
To learn more, listen here to the latest episode of our global financial institutions podcast, FInsight. Alessandro Celli (Partner, Zurich), Sue McLean (Partner, London) and Peter George (Partner, Chicago) discuss the global trends with reference to Baker McKenzie’s Cloud Compliance Center. This is a free to access information resource on law and regulation relevant to the financial sector’s use of cloud technology. It covers both financial regulation including outsourcing considerations, data protection and data privacy. All presented in an easy-to-understand Question and Answer format.
