The UK's Financial Conduct Authority (FCA) says there is "no fundamental reason" why FS firms cannot use public cloud services.
In new guidelines, the FCA says: "We see no fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules."
Clarification comes after industry players admitted that they were unsure how the watchdog applies its rules when it comes to outsourcing to the cloud.
With the FCA making a concerted effort to push innovation as a way of boosting competition, it is stressing the benefits of using cloud services, saying that their flexibility can bring "benefits to firms, their consumers, and the wider market".
However, there are risks, most notably in relation to data security. The guidance says that firms should "agree a data residency policy with the provider upon commencing a relationship with them, which sets out the jurisdictions in which the firm’s data can be stored, processed and managed".
In addition: "Considerations should include the wider political and security stability of the jurisdiction; the law in force in the jurisdiction in question (including data protection); and the international obligations of the jurisdiction."
More generally, before using the cloud, firms should "have a clear and documented business case or rationale in support of the decision to use one or more service providers for the delivery of critical or important operational functions or material outsourcing".
Read the full document:
Download the document now 193.3 kb (PDF File)