REGULATORY IMPLICATIONS OF CLOUD COMPUTING. Stephen B. Kerr Partner Financial Institutions Group
|
|
- Felicity Patrick
- 8 years ago
- Views:
Transcription
1 REGULATORY IMPLICATIONS OF CLOUD COMPUTING Stephen B. Kerr Partner Financial Institutions Group
2 1
3 Outline Outsourcing history of Canadian regulatory guidance with respect to outsourcing generally Recent guidance and views regarding cloud computing from the Office of the Superintendent of Financial Institutions ( OSFI ) (i.e. OSFI s perspective) How to address OSFI s concerns and requirements when considering a material cloud computing arrangement 2
4 Canadian Regulatory History Evolution of a regulatory philosophy From rules-based to principles-based regulation OSFI supervisory framework introduced (August, 1999) Risk-based approach to assessing a federally regulated entity s ( FRE s ) safety and soundness Evolution of Guideline B-10 Three iterations FRE s remain accountable for all outsourced activities Most recent changes (March, 2009) dealt with, among other things, acquired outsourcing agreements, advance notice by OSFI if audit rights are to be invoked, suggested changes to agreements regarding the testing of business recovery systems, assessing materiality in the content of multiple outsourcing arrangements with only one service provider, and conducting due diligence at the time of a substantial amendment to the outsourcing agreement Data processing outside of Canada Elimination of regulatory approval (April, 2007) However, OSFI may direct the FRE to not maintain or process information or data in another country, or (put another way), to maintain or process information or data in Canada, if it believes that the maintenance or processing of the information or data outside Canada is incompatible with the fulfilment of OSFI s responsibilities FRE s must maintain in Canada certain corporate, accounting and customer records 3
5 OSFI and Cloud Computing February 29, 2012 OSFI Memorandum (the OSFI Memorandum ) Not just cloud computing but all new technology-based outsourcing arrangements Only applies to material (which is both a quantitative as well as a qualitative analysis) cloud computing arrangements Emphasis on: Confidentiality, security and separation of property Contingency planning Location of records Access and audit rights Subcontracting Monitoring the material outsourcing arrangements Unusual for OSFI to issue such a memorandum and therefore underscores a significant regulatory concern with respect to the risks associated with cloud computing 4
6 OSFI and Cloud Computing (continued ) OSFI s approach and philosophy: Benefits and risks for FRE s with respect to cloud computing Still at the relatively embryonic stage for FRE s but growing in use more generally Potentially very significant cost savings for FRE s which by their very nature operate data-intensive, not to mention date-sensitive, businesses Huge systemic risk (e.g. reputational, financial, loss of data, counter-party, etc.) in the context of material cloud computing arrangements (particularly the case for smaller FRE s) Engenders significant third party dependency Process leading up to the OSFI Memorandum Reluctant to open up Guideline B-10 (i.e. it is expected that Guideline B-10 can still work in a cloud computing environment) The result of extensive industry consultation (i.e. both FRE s and service providers) OSFI looked to foreign regulatory approaches and philosophies for guidance 5
7 OSFI and Cloud Computing (continued ) Benefits of the OSFI Memorandum Gives contractual ammunition to FRE s when negotiating with IT service providers Not prescriptive (i.e. still flexible reflecting principles-based approach) Acknowledges the benefits of cloud computing to FRE s (i.e. not an outright prohibition in concept) Gives direction to the IT service provider industry to allow it to develop a cloud computing model which is regulatorily compliant Draw-backs of the OSFI Memorandum Curtails/limits the benefits of cloud computing in that it is arguably difficult, if not impossible, to satisfy all criteria in the context of a true cloud computing arrangement (e.g. location of data, access and audit rights for both the FRE and OSFI, etc.) thereby necessitating changes to the model Perhaps not prescriptive enough 6
8 OSFI and Cloud Computing (continued ) OSFI disputes the claim made by IT service providers that FRE s will lag their competitors because of excessive regulation in the area In comparison to other regulators (e.g. Australia, Singapore, United States and Germany) OSFI is generally more supportive of cloud computing OSFI does not manage risk it merely provides guidance and therefore will not opine on any outsourcing arrangements (including with respect to material cloud computing arrangements) because OSFI does not: Know your business as well as you do Want to be pulled into contractual negotiations Want its supervisory staff to be held hostage to prior regulatory views or comfort Cloud computing emphasizes geographic and political risk for FRE s (i.e. OSFI prefers localized cloud computing) FRE s should move slowly and cautiously with a view to managing risk, engaging risk management protocols, and involving internal audit and legal at the very early stage of any material cloud computing arrangement (i.e. don t cut corners) The IT service provider industry should develop bespoke products and services which complies with regulatory expectations as there is the perception that those cloud computing products and services currently available may not be necessarily compliant 7
9 OSFI and Cloud Computing (continued ) Consequences to FRE s for implementing a cloud computing arrangement which does not comply with Guideline B-10 or the OSFI Memorandum: Deficiency letters Unwinding contractual arrangements Negative impact on supervisory ratings (and if serious enough, will impact capital requirements) Exercise by OSFI of its residual authority to mandate that services be provided in Canada 8
10 Addressing OSFI s Concerns Detailed negotiations should be anticipated by IT service providers when they are negotiating cloud computing arrangements with FRE s Proposed contract should include (among other things): Regular updates re: location of data Detailed provisions regarding access and audit rights (for both the FRE as well as OSFI) and monitoring generally Access to all necessary records so business will not be interrupted (i.e. business continuity) Provisions dealing with how service providers can segregate data Provisions addressing recourse in the event of sub-standard (or discontinuation of) service Understand where your data may reside and those jurisdictions rules regarding search and seizure Ask yourself whether a public or even a community cloud is even appropriate for certain data Do not expect OSFI to materially deviate from its expectations Maintain control and do not outsource management over very sensitive data Relying on hard-boiled precedent outsourcing agreements will not be necessarily responsive to regulatory concerns 9
11 Addressing OSFI s Concerns (continued ) Consult regulatory counsel prior to consummating a material cloud computing arrangement: A legal opinion could provide FRE s (or their counterparties) with some insurance that could be relied upon in the event a regulator expressed concern (and therefore could also be a condition or a requirement of such an agreement) Conduct no-names conversations with OSFI for purposes of obtaining regulatory guidance (OSFI will not opine but will give guidance) Recognize that there may be other regulatory regimes to consider in addition to those of OSFI (e.g. privacy) 10
12 Conclusion Cloud computing has turned outsourcing (which has evolved from a regulatory to a contractual to an operational matter) back to being more a regulatory matter in light of the systemic commercial and reputational risks which a material cloud computing arrangement poses for an FRE 11
13 12
Guideline. Outsourcing of Business Activities, Functions and Processes. Category: Sound Business and Financial Practices
Guideline Subject: Category: Sound Business and Financial Practices No: B-10 Date: May 2001 Revised: December 2003 Revised: 1 1. Introduction Financial institutions outsource business activities, functions
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationAPES GN 30 Outsourced Services
APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: March 2013 Copyright 2013 Accounting Professional & Ethical Standards Board Limited
More informationManaging Outsourcing Arrangements
Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS
More informationGuidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004
Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes
More informationGuide to Intervention for Federally Regulated Life Insurance Companies
The Intervention Process Guide to Intervention for Federally Regulated Life Insurance Companies The objective of the intervention process is to enable OSFI to identify areas of concern at an early stage
More informationAPES GN 30 Outsourced Services
APES GN 30 Outsourced Services Prepared and issued by Accounting Professional & Ethical Standards Board Limited ISSUED: [DATE] Copyright 2012 Accounting Professional & Ethical Standards Board Limited (
More informationAny business relationship between a bank and another entity, by contract or otherwise
An Overview for Bank Directors Managing the Third Party Relationship Patrick Neuman Boardman & Clark LLP Madison, Wisconsin Any business relationship between a bank and another entity, by contract or otherwise
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationWhen does an Insurer or Reinsurer Need to be Licensed in Canada?
Association of Insurance Compliance Professionals Doing Business Internationally 2013 Conference October 6-9, 2013 Robert McDowell When does an Insurer or Reinsurer Need to be Licensed in Canada? Foreign
More informationRegulatory Compliance Management (RCM) (formerly Legislative Compliance Management (LCM))
Guideline Subject: Category: (RCM) (formerly Legislative Compliance Management (LCM)) Sound Business & Financial Practices No: E-13 Date: November 2014 I. Purpose and Scope of the Guideline The purpose
More informationSUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS
SUPERVISORY AND REGULATORY GUIDELINES: PU48-0809 ISSUED: 4 th May 2004 REVISED: 27 th August 2009 GUIDELINES ON MINIMUM STANDARDS FOR THE OUTSOURCING OF MATERIAL FUNCTIONS I. INTRODUCTION The Central Bank
More informationAnatomy of an IT Outsourcing Deal. Bruce Laco Deloitte John Pickett IT World Canada Barry Sookman McCarthy Tetrault
Anatomy of an IT Outsourcing Deal Bruce Laco Deloitte John Pickett IT World Canada Barry Sookman McCarthy Tetrault 3656867 Agenda Key Considerations for IT Outsourcing Decision Anatomy of an Outsourcing
More informationFinancial Services Guidance Note Outsourcing
Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14
More informationInformation Sheet: Cloud Computing
info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES A CONSULTATION REPORT OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS STANDING COMMITTEE 3 ON MARKET INTERMEDIARIES
More informationPrivacy and Cloud Computing for Australian Government Agencies
Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationMapping of outsourcing requirements
Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Paul M. Phillips, CFA Attorney, Adams and Reese Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay 2014 EastPay.
More informationGUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK
GUIDELINE ON THE APPLICATION OF THE OUTSOURCING REQUIREMENTS UNDER THE FSA RULES IMPLEMENTING MIFID AND THE CRD IN THE UK This Guideline does not purport to be a definitive guide, but is instead a non-exhaustive
More informationSupervisory Policy Manual
This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue
More informationOUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008
OUTSOURCING GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS, 2008 BANK OF TANZANIA PART I PRELIMINARY 1 These guidelines may be cited as the Outsourcing Guidelines for Banks and Financial Institutions,
More informationCloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1
Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...
More informationOutsourcing Risk Guidance Note for Banks
Outsourcing Risk Guidance Note for Banks Part 1: Definitions Guideline 1 For the purposes of these guidelines, the following is meant by: a) outsourcing: an authorised entity s use of a third party (the
More informationManaging General Agents (MGAs) Guideline
Managing General Agents (MGAs) Guideline JUNE 2013 DRAFT FOR COMMENT BC AUTHORIZED LIFE INSURERS www.fic.gov.bc.ca PURPOSE This draft guideline outlines best practices that the Financial Institutions Commission
More informationBulletin: Revised Canadian Earthquake Exposure Guideline About to Take Effect
Bulletin: Revised Canadian Earthquake Exposure Guideline About to Take Effect Hartley Lefton, Shelley Miller Q.C. and Mark Cavdar (student-at-law) Shelley L. Miller, Q.C. Partner D: +1 780 423 7212 shelley.miller@
More informationGUIDANCE NOTE ON OUTSOURCING
GN 14 GUIDANCE NOTE ON OUTSOURCING Office of the Commissioner of Insurance Contents Page I. Introduction.. 1 II. Application...... 1 III. Interpretation.... 2 IV. Legal and Regulatory Obligations... 3
More informationOCC 98-3 OCC BULLETIN
To: Chief Executive Officers and Chief Information Officers of all National Banks, General Managers of Federal Branches and Agencies, Deputy Comptrollers, Department and Division Heads, and Examining Personnel
More informationCloud computing. A practical guide to legal risks and issues
Financial institutions Energy Infrastructure, mining and commodities Transport Technology and innovation Life sciences and healthcare Cloud computing A practical guide to legal risks and issues Attorney
More informationinsurance bulletin unlicensed insurance in Canada
September 2013 insurance bulletin unlicensed insurance in Canada This article addresses certain issues relating to foreign insurers conducting unlicensed insurance in Canada, a few years after the federal
More informationGUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987
GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing
More informationVendor Management Compliance Top 10 Things Regulators Expect
Vendor Management Compliance Top 10 Things Regulators Expect Peter Davey, AAP VP & Director, Enterprise Payments, CapitalOne Pamela T. Rodriguez, AAP, CIA, CISA EVP, Risk Management & Education, EastPay
More informationThe Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations
The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors
More informationAuditing in Foreign Jurisdictions
CANADIAN PUBLIC ACCOUNTABILITY BOARD CPAB Special Report The Canadian Public Accountability Board (CPAB) promotes high-quality auditing of public companies through its inspections of firms that audit reporting
More informationCapital Regime for Regulated Insurance Holding Companies and Non-Operating Life Companies
Guideline Subject: Capital Regime for Regulated Insurance Holding Companies and Non-Operating Life Companies Category: Capital No: A-2 Date: July 2005 Introduction This Guideline sets out the capital framework
More informationOUTSOURCING REGULATIONS IN THE BANKING AND INSURANCE INDUSTRIES IN ASIA PACIFIC
OUTSOURCING REGULATIONS IN THE BANKING AND INSURANCE INDUSTRIES IN ASIA PACIFIC Bridging Borders Webinar Series 1 Welcome Welcome You are on mute A link to a recording of the webinar will be available
More informationObjective and key requirements of this Prudential Standard
Prudential Standard CPS 231 Outsourcing Objective and key requirements of this Prudential Standard This Prudential Standard requires that all outsourcing arrangements involving material business activities
More informationProposed Principles to be addressed in APES GN 20 Outsourced Accounting Services
Proposed Principles to be addressed in APES GN 20 Outsourced Accounting Services Roles and Responsibilities The proposed Guidance Note 20 Outsourced Accounting Services (GN 20) will set out the various
More informationCloud Computing in a Government Context
Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important
More informationSAS 70 Exams Of EBT Controls And Processors
Appendix VIII SAS 70 Examinations of EBT Service Organizations Background States must obtain an examination by an independent auditor of the State electronic benefits transfer (EBT) service providers (service
More informationMicrosoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).
Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the
More informationOutsourcing arrangements. Notice of issuance of final guidance note and summary response to comments received
Rules Notice Request for Comments Dealer Member Rules Please distribute internally to: Internal Audit Legal and Compliance Operations Regulatory Accounting Senior Management Contact: Richard J. Corner
More informationData Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005
Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005
More informationGuidance Note on Outsourcing/Delegation of Functions
Guidance Note on Outsourcing/Delegation of Functions Supervision Division Financial Supervision Commission 7 May 2002 1 Introduction Guidance Note on Outsourcing/Delegation of Functions This Guidance applies
More informationCredit Union Liability with Third-Party Processors
World Council of Credit Unions Annual Conference Credit Union Liability with Third-Party Processors Andrew (Andy) Poprawa CEO, Deposit Insurance Corporation of Ontario Canada 1 Credit Union Liability with
More information14 December 2006 GUIDELINES ON OUTSOURCING
14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint
More informationDEVELOPING AN AML (ANTI-MONEY LAUNDERING) PROGRAM:
DEVELOPING AN AML (ANTI-MONEY LAUNDERING) PROGRAM: Although the Department of the Treasury has not issued specific rules for hedge funds and hedge fund managers, hedge fund managers should adopt and implement
More informationREGULATORY GUIDELINES PROVIDE INSIGHT INTO OUTSOURCING. The Canadian IT outsourcing market currently generates approximately $6 billion in annual
REGULATORY GUIDELINES PROVIDE INSIGHT INTO OUTSOURCING By C. Ian Kyer and Warren Sheffer The Canadian IT outsourcing market currently generates approximately $6 billion in annual revenue with forecasted
More informationThe New Third-Party Oversight Framework: Trust but Verify kpmg.com
Financial Services Regulatory Point of View The New Third-Party Oversight Framework: Trust but Verify kpmg.com The New Third-Party Oversight Framework: Trust but Verify 1 Financial services regulatory
More informationMicrosoft Pty Ltd. Australian Financial System Inquiry: Response to request for further submissions
Microsoft Pty Ltd Australian Financial System Inquiry: Response to request for further submissions August 2014 1 Response in relation to Chapter 9 of the Interim Report Microsoft is pleased to respond
More information12 Considerations for Managing Foreign Supplier Risk
12 Considerations for Managing Foreign Supplier Risk November 2014 Lockton Companies A growing number of manufacturers over the past VINCE GAFFIGAN, CPA EVP, Director, Risk Consulting Risk Management Services
More information¼ããÀ ããè¾ã ¹ãÆãä ã¼ãîãä ã ããõà ãäìããä ã½ã¾ã ºããñ Ã
CIRCULAR CIR/MIRSD/24/2011 December 15, 2011 All intermediaries registered with SEBI Merchant Bankers/Registrars to An issue and Share Transfer Agents/Debenture Trustees/Bankers to An Issue/Underwriters/Credit
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationGUIDELINES ON OUTSOURCING ARRANGEMENTS
GUIDELINES ON OUTSOURCING ARRANGEMENTS STATE BANK OF PAKISTAN BANKING POLICY & REGULATIONS DEPARTMENT KARACHI CONTENTS Page No I INTRODUCTION:... 1 II APPLICABILITY:... 1 III DEFINITION OF OUTSOURCING:...
More informationGuideline. Large Exposure Limits. Category: Prudential Limits and Restrictions. No: B-2 Date: August 2003. I. Introduction
Canada Bureau du surintendant des institutions financières Canada 255 Albert Street 255, rue Albert Ottawa, Canada Ottawa, Canada K1A 0H2 K1A 0H2 www.osfi-bsif.gc.ca Guideline Subject: Category: Prudential
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationTo: Our Clients and Friends March 25, 2014
Financial Services Group To: Our Clients and Friends March 25, 2014 A Significant Change Is Occurring Regarding Regulatory Oversight of Banks and Their Third Party Relationships. Both Banks and their Vendors
More informationInter-Segment Notes for Life Insurance Companies. Sound Business and Financial Practices
Guideline Subject: Category: for Life Insurance Companies Sound Business and Financial Practices No: E-12 Date: June 2000 Revised: July 2010 Introduction This guideline establishes OSFI s expectations
More informationCONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE
CEBS CP 02 April 2004 COMMITTEE OF EUROPEAN BANKING SUPERVISORS CONSULTATION PAPER ON HIGH LEVEL PRINCIPLES ON OUTSOURCING COVER NOTE Introduction 1. European banking supervisors began work in 2002 on
More informationPrinciples on Outsourcing by Markets
Principles on Outsourcing by Markets Final Report TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS July 2009 CONTENTS I. Introduction 3 II. Survey Results 5 A. Outsourced
More informationBasel Committee on Banking Supervision. Consolidated KYC Risk Management
Basel Committee on Banking Supervision Consolidated KYC Risk Management October 2004 Table of contents Introduction...4 Global process for managing KYC risks...5 Risk management...5 Customer acceptance
More information-17 2015 OUTSOURCING POLICY
Outsourcing Policy TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 Aim & Introduction... 3 POLICY PARAMETERS... 4 Key Terms... 4 Outsourcing Agreement Requirements... 5 MATERIAL OUTSOURCING AGREEMENTS... 6 Board
More informationOffice of the Superintendent of Financial Institutions. Internal Audit Report on Regulation Sector: Private Pension Plans Division
Office of the Superintendent of Financial Institutions Internal Audit Report on Regulation Sector: Private Pension Plans Division Table of Contents 1. Background... 3 2. Audit Objective, Scope and Approach...
More informationLegal Challenges for U.S. Healthcare Adopters of Cloud Computing
Legal Challenges for U.S. Healthcare Adopters of Cloud Computing by Kevin Erdman and Nigel Stark of Baker & Daniels LLP 1 ABSTRACT U.S. Healthcare companies have begun experimenting with taking business-critical
More informationBANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994
BANKING UNIT BANKING RULES OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: BR/14/2009 OUTSOURCING BY CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 INTRODUCTION
More informationMemorandum. Independent Amount Segregation: Summary of ISDA s Sample Tri-Party IA Provisions
Memorandum Independent Amount Segregation: Summary of ISDA s Sample Tri-Party IA Provisions The International Swaps and Derivatives Association Inc. ( ISDA ) has published the following documents in order
More informationPROPERTY OF THE SECURITIES COMMISSION OF THE BAHAMAS
SUPERVISORY AND REGULATORY GUIDE: APPLICABLE LEGISLATION: OUTSOURCING OF MATERIAL FUNCTIONS SIA, 2011; IFA, 2003; FCSPA, 2000. ISSUED: 15 MAY 2012 LAST AMENDED: REFERENCE NUMBER: 31 DECEMBER SPG1-0512
More informationVII 4.1. VII. Unfair and Deceptive Practices Third Party Risk. Third Party Risk. Introduction. Background
Third Party Risk Introduction The board of directors and senior management of an insured depository institution (institution) are ultimately responsible for managing activities conducted through third-party
More informationProposed guidance for firms outsourcing to the cloud and other third-party IT services
Guidance consultation 15/6 Proposed guidance for firms outsourcing to the cloud and other third-party IT services November 2015 1. Introduction and consultation 1.1 The purpose of this draft guidance is
More informationIOPS GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS
. IOPS GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS June 2010 1 GOOD PRACTICES IN RISK MANAGEMENT OF ALTERNATIVE INVESTMENTS BY PENSION FUNDS 1 Introduction 1. The objective
More informationClearing the Legal fog:
Clearing the Legal fog: cloud computing explained MARCH 2010 This issues summary highlights some of the main legal issues that are claimed to negatively affect users of cloud computing and provides practical
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More informationfor Fund Management Companies and Exempt Financial Intermediaries
CONSULTATION PAPER P008-2010 April 2010 Review of the Regulatory Regime for Fund Management Companies and Exempt Financial Intermediaries REVIEW OF THE REGULATORY REGIME FOR FUND MANAGEMENT COMPANIES TABLE
More informationAnnex B. The Proposed Amendments AMENDMENTS TO NATIONAL INSTRUMENT 21-101 MARKETPLACE OPERATION
Annex B The Proposed Amendments AMENDMENTS TO NATIONAL INSTRUMENT 21-101 MARKETPLACE OPERATION 1. National Instrument 21-101 Marketplace Operation is amended by this Instrument. 2. National Instrument
More informationStructuring Multinational Insurance Programs: The Emerging Regulatory Challenge to Non-admitted Insurance. Suresh Krishnan Tracey Discepolo
Structuring Multinational Insurance Programs: The Emerging Regulatory Challenge to Non-admitted Insurance Suresh Krishnan Tracey Discepolo focus on: Structuring Multinational Insurance Programs: By Suresh
More informationAudit Committee Oversight of Foreign Operations. November 2014
Audit Committee Oversight of Foreign Operations November 2014 The Issue External auditor oversight can be a challenge for audit committees of reporting issuers with operations in foreign jurisdictions.
More informationEGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY
Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored
More informationDue Diligence Process
Due Diligence Process Steps involved in legal due diligence Issues Introduction to Due Diligence Description Due diligence is a process of thorough and objective examination that is undertaken before corporate
More informationMISSION VALUES. The guide has been printed by:
www.cudgc.sk.ca MISSION We instill public confidence in Saskatchewan credit unions by guaranteeing deposits. As the primary prudential and solvency regulator, we promote responsible governance by credit
More informationGuideline. Commercial Lending Criteria. No: E-2 Date: June 1992
Canada Bureau du surintendant des institutions financières Canada 255 Albert Street 255, rue Albert Ottawa, Canada Ottawa, Canada K1A 0H2 K1A 0H2 Guideline Subject: No: E-2 Date: June 1992 This guideline
More informationSTRUCTURING MULTINATIONAL INSURANCE PROGRAMS: THE EMERGING REGULATORY CHALLENGE TO NON-ADMITTED INSURANCE Suresh Krishnan
STRUCTURING MULTINATIONAL INSURANCE PROGRAMS: THE EMERGING REGULATORY CHALLENGE TO NON-ADMITTED INSURANCE Suresh Krishnan STRUCTURING MULTINATIONAL INSURANCE PROGRAMS: THE EMERGING REGULATORY CHALLENGE
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationOutsourcing. FSA Regulated firms (including offshore outsourcing) Contents. March 2004
Outsourcing FSA Regulated firms (including offshore outsourcing) March 2004 Contents 2. Introduction 2. How do the regulations impact an outsourcing? 3. Prudential Sourcebooks 4. Service Level Agreements
More informationThe Cloud and Cross-Border Risks - Singapore
The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in
More informationSolvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3)
Solvency Assessment and Management: Pillar II Sub Committee Governance Task Group Discussion Document 81 (v 3) Governance, Risk Management, and Internal Controls INTERIM REQUIREMENTS CONTENTS 1. INTRODUCTION
More informationCloud Computing: Privacy and Other Risks
December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to
More informationFramework for Cooperative Market Conduct Supervision in Canada
Framework for Cooperative Market Conduct Supervision in Canada November 2015 1 Purpose The Framework for Cooperative Market Conduct Supervision in Canada ( Cooperative Framework ) is intended to provide
More informationCOMMISSION DELEGATED DECISION (EU) / of 5.6.2015
EUROPEAN COMMISSION Brussels, 5.6.2015 C(2015) 3740 final COMMISSION DELEGATED DECISION (EU) / of 5.6.2015 on the provisional equivalence of the solvency regimes in force in Australia, Bermuda, Brazil,
More informationBanking Guidance Note No. 1 Outsourcing of Services or Functions by Gibraltar- Licensed Banks. Date of Paper : 31 January 2000 Version Number : 1.
No. 1 of Services or Functions by Gibraltar- Licensed Banks Date of Paper : 31 January 2000 Version Number : 1.00 Table of Contents Introduction... 3 Submissions to FSC... 3 Assessment of Proposals...
More informationPersonal data and cloud computing, the cloud now has a standard. by Luca Bolognini
Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last
More informationTimeliness of Business Intelligence Data
Timeliness of Business Intelligence Data Walter Cunningham Paul McNamara BenchMark Consulting International Introduction The previous article in this series of business intelligence papers discussed the
More informationManaging Risk at Bank of America Corporation. Overview
Managing Risk at Bank of America Corporation Overview Risk is inherent in every material business activity that we undertake. Our business exposes us to strategic, credit, market, liquidity, compliance,
More information1.0 Structure of the Investment. Financial Services Commission of Ontario Commission des services financiers de l Ontario. Investment Guidance Notes
Financial Services Commission of Ontario Commission des services financiers de l Ontario SECTION: INDEX NO.: TITLE: APPROVED BY: PUBLISHED: EFFECTIVE DATE: Investment Guidance Notes IGN-001 Buy-In Annuities
More informationNOTICE ON OUTSOURCING
CONSULTATION PAPER P018-2014 SEPTEMBER 2014 NOTICE ON OUTSOURCING PREFACE 1 MAS first issued the Guidelines on Outsourcing in 2004 1 ( Guidelines ) to promote sound risk management practices for the outsourcing
More informationHow to ensure control and security when moving to SaaS/cloud applications
How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk
More informationContracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT
Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses
More information