The application of cloud computing by financial firms is excessively complex due to conflicting regulatory requirements across jurisdictions, according to the Asia Securities Industry and Financial Markets Association (Asifma), which is calling for the promotion of a consistent and globally aligned framework governing its use.
In a report published on March 2, entitled ‘Proposed Asifma Principles for Public Cloud Regulation’, the association said it wants to stimulate discussion between financial institutions, cloud service providers and regulators about the most effective way to implement public cloud regulation.
“Cloud computing is rapidly becoming the norm for IT processing and data storage solutions, as it is an adaptable and versatile way to consume a range of IT services,” said Laurence Van der Loo, executive director of technology and operations at Asifma.
[Fragmented regulatory approach] stunts rollout of certain services across borders and could be increasing cyber risks
“The use of public cloud brings significant benefits to the financial services industry in the areas of risk mitigation, innovation, cost savings and productivity gains, although it has also been of particular interest and regulatory scrutiny due to the differences associated with public cloud versus other models,” he said.
Asifma said different regulator approaches to the use of the cloud are posing significant challenges to banks wanting to use it as part of their global strategies. It warns that as well as stunting the rollout of certain services across borders, the fragmented regulatory approach could also be increasing cyber risks by fostering a more decentralised environment that inhibits centralised oversight.
To address these challenges, Asifma proposes nine high-level principles to govern the use of the public cloud by financial firms. These include supporting technology-neutral and activity-based regulation, harmonisation of public cloud requirements, principles-based and outcome-focused approach to cloud regulation and the free movement of data.
This article first appeared in The Banker’s sister publication Global Risk Regulator.
