A new guide from The Financial Conduct Authority (FCA) has helped clarify some of the legal issues surrounding financial technology and could lead to a boom for cloud service providers catering for the money markets.
The draft guidance briefs readers on the key areas regulated firms must consider when researching into outsourcing to the cloud and covers regulatory issues, data protection and security and business continuity. It also includes a section on how to manage risk and how to ensure regulators have effective access to data.
In the guide the FCA concludes there is “no fundamental reason why cloud services (including public cloud services) cannot be implemented, with appropriate consideration, in a manner that complies with our rules”.
Cloud outsourcing can help improve competition in the financial services sector, the regulator said, because it can “increase the ability” of financial services providers to renew their IT systems more efficiently. Greater choice and innovation in outsourcing should deliver “commensurate benefits for firms and consumers,” says the guide.
The FCA warns about the risks of outsourcing to cloud providers, however, and it briefs financial technology buyers to be vigilant on where data is stored and to check hidden sub-contracting arrangements which may obscure data residence arrangements.
The regulator advises that financial services companies must establish if and how their cloud contracts are governed by UK law and subject to UK court jurisdiction. Even when UK courts do not have jurisdiction financial service companies will have to ensure that their auditor and the FCA have “effective access” to their data, to the cloud provider’s business premises and even to the company’s Human Resource vetting procedures and audit trails. Although the definition of business premises includes head offices, operations and data centres, regulated firms do not have to ensure they have access to all of their cloud provider’s premises.
Writing on the Out-Law blog of law firm Pinsent Masons, fin-tech legal expert John Salmon said the FCA guidance is a “positive recognition that the financial services sector can move ahead with plans to use cloud services as long as appropriate safeguards are put in place.”
The FCA’s guidance is open to consultation until 12 February 2016.
“The consultation period over the next few months will provide a good opportunity for businesses affected to set out clear views about how existing regulation can be addressed in a way that enables cloud products,” said Salmon.