European capital market participants are calling on supervisory authorities to remove regulatory barriers to cloud adoption, arguing that broad-brush diktats on portability and multi-cloud strategies would present significant challenges to implementation by financial firms.
A new report from the Association for Financial Markets in Europe (Afme) and Protiviti urges policy makers to show a more nuanced approach, saying that proposed recommendation from supervisory agencies will limit the benefits of cloud services and increase the technical complexity of supporting multiple Cloud Service Propviders (CSPs)
James Kemp, managing director, Afme, says: "Emerging policy in the EU and globally is in danger of mandating how banks adopt cloud because of the perceived risks for security, the concentration of providers, and resilience of the sector overall. While the solutions being discussed, such as ensuring portability or the use of multi-cloud strategies, can provide resiliency benefits, they risk introducing significant limitations and complexity which would lead to reduced cloud adoption overall.
“Banks should not be limited in taking a risk-based approach tailored to their cloud usage and technical needs allowing them to deploy multiple complementary solutions for resilience, rather than specific solutions being mandated for all.”
The Afme report presents an assessment of five scenarios, covering the failure of a CSP in a particular region through to the loss of an entire CSP globally, to highlight why the proposed regulations may not be appropriate in all instances.
Instead it calls on policymakers to focus their attention on ensuring regional and global alignment on cloud resilience and risk expectations and enhancing information sharing and transparency requirements for CSPs as well as encouraging cloud cross-border data flows and storage.