FCA provides guidance on Cloud outsourcing

Today the Financial Conduct Authority (FCA) published its final guidance for firms outsourcing to the ‘cloud’ and other third party IT services. This report is relevant to firms who are interested in outsourcing to the cloud and other third party IT services. It may also be of interest to third party IT providers (including cloud providers), trade associations and consumer groups, law firms and other advisers, and auditors of financial services firms.

This guidance sets out the FCA’s view and will be relevant to all firms that it authorises. Dual regulated firms should also confirm the position of the PRA in relation to firms outsourcing to the ‘cloud’ and other third party IT services.

The FCA’s responses to the feedback it received on Guidance Consultation GC15/6 is set out in the annex of this finalised guidance. The FCA does not consider that the feedback received requires substantial changes to its guidance and proposed approach as set out in GC15/6. However, in some areas the regulator amended the draft guidance, mostly to clarify its expectations.

The main feedback issues were:

  • physical access to business premises, including data centres
  • the scope of firms’ obligations relating to supply chain and sub-contracting arrangements
  • clarifying expectations around aspects of risk management, including concentration risk
  • points around the choice and control in relation to the jurisdictions where data is processed, stored and managed
  • the provisions to ensure firms have effective access to data
  • specific expectations around exit plans.

The FCA statement together with the guidance can be found here.

Lavanya Rathnam

Lavanya Rathnam is an experienced technology, finance, and compliance writer. She combines her keen understanding of regulatory frameworks and industry best practices with exemplary writing skills to communicate complex concepts of Governance, Risk, and Compliance (GRC) in clear and accessible language. Lavanya specializes in creating informative and engaging content that educates and empowers readers to make informed decisions. She also works with different companies in the Web 3.0, blockchain, fintech, and EV industries to assess their products’ compliance with evolving regulations and standards.

Posted in ArticlesTagged ,

Leave a Reply

Your email address will not be published. Required fields are marked *