On 23 March 2017, the European Commission launched a public consultation entitled “FinTech: a more competitive and innovative European financial sector”. The consultation closed on 22 June 2017. The purpose of the consultation was to seek input from stakeholders to further develop the Commission’s policy approach towards technological innovation in financial services.
226 firms responded and the Commission released a summary of the responses.
To the question “Do commercially available cloud solutions meet the minimum requirements that financial service providers need to comply with”. Total respondents to this question 126 – Yes 39 – No 24 – Do not know 63.
Clearly a majority considered Cloud Services do not or only partially meet the minimum compliance requirements, noting at the same time the lack of clarity on what those requirements actually are!
Not all Cloud Service Providers (‘CSP’s) were consider to be on the same level of competence concerning cloud offers for Financial services.
Security was noted as an important concern but some highlighted that CSPs are better equipped than financial institutions to address security challenges. The main issue expressed by a majority concerned data, and its location. The fact that data and servers could be located outside Europe and the implications regarding the lack of compliance with EU rules, indeed which rules would even apply and on how to ensure access to data to national supervisors, was underlined.
Somewhat unsurprisingly, CSPs (representing a few of the respondents) stressed provisions already existing in their contracts to ensure compliance with prudential rules, considered that GDPR and NIS would bring a higher and more harmonised level of protection and that actually CSPs could help, notably through existing solution to facilitate reporting for compliance.