back to article FCA paves way for cloud computing in UK financial services

The Financial Conduct Authority (FCA) has paved the way for banks, insurers and other financial services companies to take advantage of cloud computing services, so long as "appropriate safeguards" are in place, said one commentator. In proposed new guidance on cloud and other IT outsourcing (PDF), the regulator said there is …

  1. LucreLout


    ....I can only see this ending well.

  2. Tony S

    They're already outsourcing a lot of stuff, so it's not really surprising they want to go down this route.

    Considering what's happened already with the outsourced systems, I think that we can see what will probably happen next.

  3. Anonymous Coward
    Anonymous Coward

    That will need some more discussion

    I cannot see ANY service provider agree with premise access, because that would mean they contractually agree to harm every other of their customers the moment one of those is investigated by the FCA, which is, well, stupid, and ditto for the open door policy the FCA would like.

    I can see what the FCA is trying to do, though, so I would propose a requirement that any cloudy contract contains clauses that require the production of copies of the specific data held by an organisation for the whole of the mandated retention period. It is the regulated entities' job to produce it, so they have to stipulate that in the contract and audit that it is actually possible.

    1. Velv

      Re: That will need some more discussion

      Some of the larger providers have already put in place contracts with several Financial Services companies that meet these FCA guidelines.

      It's partly through working out the issues that the FCA has got to the point where it can put forward these proposed guidelines as they know the cloud providers can deliver the access.

  4. Doctor Syntax Silver badge

    'Cloud customers should also be aware that they may not be able to control where data is stored and that sub-contracting arrangements may exist without them "initially realising", it said.

    The draft guidance outlines ... and ensure regulators have effective access to data.


    One of the recommendations the FCA made was for financial services companies to determine whether their cloud contracts are governed by UK law and subject to UK court jurisdiction. It said that even if it is not those cloud customers must ensure that they, their auditor and the FCA have "effective access" to its data as well as the cloud provider's "business premises".'

    Given the premise in the first paragraph the other points seem likely to be difficult to achieve. In particular there'd be a need to ensure other court jurisdictions (other than higher EU courts) don't try to push their noses in and that other organisations don't have access to the data.

    'It said companies need to have an "exit plan" that is "understood, documented and regularly rehearsed" which allows it to come out of outsourcing arrangements "without undue disruption to their provision of services, or their compliance with the regulatory regime".'

    And one that will still work when the cloud operator's administrators walk in?

    1. Anonymous Coward
      Anonymous Coward

      I don't actually see why these demands are directed at the service providers.

      Surely it is up to the FCA regulated entities to ensure they have contracts in place that ensure they can comply with FCA demands? If they have contracts that do not facilitate access to the records the FCA deems to need, THEY are culpable, not the service provider.

      I cannot see any service provider agree to an open door policy for the FCA, physical or electronic, because that would make them liable for all sorts of trouble with other customers and it could even be illegal in the operating nation.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like