On 18 December 2020, the European Securities Market Authority (“ESMA”) released guidelines on outsourcing to cloud service providers (the “ESMA Guidelines”). The ESMA Guidelines aim to provide guidance to, amongst others, fund managers, depositaries, as well as, to competent national supervisory authorities on what regulatory standards should apply in the case of outsourcing to cloud service providers (“CSP”).
The past two years have led to a development to regulate (cloud) outsourcing increasingly on the European level. In February 2019, the European Banking Authority (the “EBA”) guidelines on outsourcing arrangements, which incorporated the EBA Recommendations on outsourcing to CSPs, were adopted and harmonized the legal framework applicable to, amongst others, banks, e-money and payment institutions. Furthermore, the European Insurance and Occupational Pensions Authority (“EIOPA”) published on the 31 January 2020 the guidelines in the cloud domain applicable to insurance and reinsurance undertakings (the “EIOPA Guidelines”). Given these developments, it is unsurprising that ESMA has followed the approach of the EBA and EIOPA by setting out a harmonized legal framework that is coherent with the previously mentioned initiatives for entities falling under its responsibility.
Click here to read the full article.
Source: Agefi - January 2021