Cloud - WSBI ESBG

The cloud certification would help reduce technical, operational and security risks, and would support compliance with the EBA Outsourcing Guidelines.

It would also help the European banking industry be more competitive worldwide by quickly adopting new technologies. In any case, it is clear that a new oversight framework shall not increase the banking and financial sectors obligations and supervisions. The EBA has advised the European Commission to look at the establishment of an appropriate oversight framework for third-party service providers (TPPs), in particular in the area of cloud services. ESBG encourages and shares the need to strengthen and harmonise the current legislative framework for TPPs at both micro and macro level.

At micro level, Supervisors should have access rights, audit rights and sanctioning rights directly from the regulatory framework rather than relying only on contractual provisions in outsourcing contracts. ESBG believes that the Cloud Certification is an additional toolkit and will contribute to achieving this policy objective. ESBG encourages policymakers to increase efforts to create a CSP certification framework.
At macro level, ESBG also agrees with the EBA that for critical TPPs there is an urgent need for a new oversight framework that sets higher standards related to security and data protection (e.g. obligatory cybersecurity certification). The scope of oversight should aim at monitoring concentration risk, financial stability risks and ensuring cooperation with relevant authorities.

Identified Concerns

ESBG is concerned about the unbalanced power relationship between CSP (Google, Amazon, Microsoft, Alibaba, etc) and cloud service users, such as banks. It is indeed almost impossible for banks to negotiate contractual terms with the powerful CSP that are compliant with the EBA guidelines or applicable legal acts, and this situation generates compliance risk for banks as they are still responsible for the outsourcing arrangement.

Regarding the regulatory framework, the EBA in its Outsourcing Guidelines, sets unrealistic obligations for banks (e.g. auditing rights, data localisation), as the negotiating position of European banks towards cloud service providers is fairly weak.

Why Policymakers Should Act

Industry sectors like banking urgently need for cloud services offered by big players to fall under a centralised, Europe-wide, validated and standardised EU framework that puts in place legal, technology and security requirements. ESBG has identified some of the major cloud guarantees expected from cloud service providers to comply with the authorities’ requirements and obtain trustworthy banking cloud services.

ESBG welcomes the European Commission’s approach to standardising certain mandatory and sensitive Cloud contractual clauses. Nevertheless, additional efforts are required to strengthen the financial sector’s capacity to negotiate. Beyond the standardisation of Cloud contractual clauses, a complementary approach could be considered to obtain a Trustworthy European Cloud certification for the financial sector.

Background

There is an ongoing reflection on the level of oversight and supervision for providers supplying a public Cloud to the banking and financial sectors. The underlying idea is to ensure that CSPs deliver on a trusted European Cloud which should comply with the technical, security, legal and regulatory requirements imposed by the 2019 EBA Outsourcing Guidelines and the 2020 Guidelines on ICT and security risk management or legal acts like GDPR.

European Banking Authority (EBA) on ESG risk management

The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the European Banking Authority (EBA). ESBG insists on the need for consitency with CSRD and CSDDD, the addressees of this guideline should also

Enhancing Transparency in Bank Disclosures: ESBG delivers comprehensive response to the EBA’s Pillar 3 data hub consultation

On 14 December 2023, the European Banking Authority (EBA) published a discussion paper on the Pillar 3 data hub processes and its possible practical implications.

IASB Exposure Draft (ED) on Financial Instruments with Characteristics of Equity

On 29 November 2023, the International Accounting Standards Board (IASB) proposed amendments in an Exposure Draft to tackle challenges in financial reporting for instruments with both

ESBG’s response to the EFRAG Comment Letter on Financial Instruments with Characteristics of Equity

On 29 November 2023, the International Accounting Standards Board (IASB) proposed amendments in an Exposure Draft to tackle

ESBG advocates for increased clarity and streamlining of supervisory reporting requirements

On 14 March, ESBG submitted its response to the European Banking Authority (EBA) consultation on ITS amending Commission Implementation Regulation (EU) 2021/451 regarding supervisory reporting

WSBI-ESBG advocates for robust implementation of the BCBS Pillar 3 framework for climate-related financial risks

On 14 March, WSBI-ESBG submitted its response to the Basel Committee on Banking Supervision (BCBS) consultation on its Pillar 3 disclosure framework for climate-related financial risks

ESBG stresses the need for consistency and clarity in its Response to the SFDR Review Consultation

ESBG submitted its response to the European Commission’s consultation on the SFDR review, aiming to enhance transparency in sustainability-related disclosures within the financial services sector

ESBG response to the EBA’s consultation on Guidelines on preventing the abuse of funds and certain crypto-assets transfers for ML/TF

The guidelines on the “travel rule” delineate the actions that Payment Service Providers (PSPs), Intermediary PSPs

ESBG responds to the SRB consultation on the future MREL policy

The European Savings and Retail Banking Group (ESBG) submitted its response to the consultation launched by the Single Resolution Board (SRB) in December 2023 on the future of the Minimum Requirement for own funds

ESBG’s response to the Commission’s consultation on the GDPR

The primary EU legislation ensuring the fundamental right to data protection is the General Data Protection Regulation

Cookie	Duration	Description
_SS	session	Bing sets this cookie to collect information on how visitors behave on multiple websites and to understand how they access the website, to provide relevant ads.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
SRCHD	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.
SRCHUID	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.
SRCHUSR	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.
uncode_privacy[consent_types]	1 year	This cookie is set by Uncode WordPress theme and is used to manage privacy settings on the website.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_EDGE_S	session	Bing sets this cookie to display map content using Bing Maps.
_EDGE_V	1 year 24 days	Bing sets this cookie to display map content using Bing Maps.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_*	1 minute	Google Analytics sets this cookie to store a unique user ID.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
attribution_user_id	1 year	This cookie is set by Typeform for usage statistics and is used in context with the website's pop-up questionnaires and messengering.
MUIDB	1 year 24 days	Bing sets this cookie to determine how the user uses the website and any advertising that the end user may have seen before visiting the said website.

Cookie	Duration	Description
MUID	1 year 24 days	Bing sets this cookie to recognise unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
rl_anonymous_id	never	RudderStack set this cookie to store statistical data of users' behaviour on the website, which can be used for internal analytics by the website operator.
rl_group_id	never	RudderStack sets this cookie to collect user activity on the web.
rl_group_trait	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_page_init_referrer	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_page_init_referring_domain	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_trait	never	Rudderstack sets this cookie, which is used to store performed actions on the website.
rl_user_id	never	RudderStack set this cookie to store a unique user ID for the Marketing/Tracking purpose.
SUID	12 hours	Google Analytics sets this cookie to collect data on user preferences and/or interaction with web campaign content (Microsoft).

Cookie	Duration	Description
AWSALBTG	7 days	No description available.
AWSALBTGCORS	7 days	No description available.
SRCHHPGUSR	1 year 24 days	No description available.
tf_respondent_cc	6 months	Description is currently not available.

The World Savings and Retail Banking Institute

The European Savings and Retail Banking Group

Focus areas

Sustainable Finance

Consumer Finance

Anti Money Laundering

Prudential, Supervision and Resolution

Capital Markets Regulation

European Social Dialogue

Auditing, Accounting and Reporting

Digital Finance and Innovation

Payments

News

The World Savings and Retail Banking Institute

The European Savings and Retail Banking Group

Focus areas

Sustainable Finance

Consumer Finance

Anti Money Laundering

Prudential, Supervision and Resolution

Capital Markets Regulation

European Social Dialogue

Auditing, Accounting and Reporting

Digital Finance and Innovation

Payments

News

The cloud certification would help reduce technical, operational and security risks, and would support compliance with the EBA Outsourcing Guidelines.

Identified Concerns

Why Policymakers Should Act

Background

related

Get in touch

WSBI

ESBG

Together

Members Area

Take urgent action to combat climate change and its impacts

WSBI-ESBG members contributed to combat climate changes:

US$ 51 billion

of green bonds were issued.

US$ 64 million

was invested in philanthropic support for the environment including biodiversity protection, eco-friendly mobility solutions, and green campaigns.

A variety of climate insurances and loans for renewable energy

are offered to their customers.

Ensure inclusive and equitable quality education and promote lifelong learning opportunities for all

WSBI-ESBG members contributed actively to quality education of their customers:

US$ 469 million

was invested in philanthropic support for the education sector including skillset-building, financial education, school visits and stationery.

US$ 4 billion

of outstanding loans for scholarships, in addition to numerous savings plans dedicated to education are currently offered.

Almost 30 %

of the members offer financial education programs for their customers.

Ensure healthy lives and promote well-being for all at all ages

WSBI-ESBG members contributed directly to health improvement and well-being of their customers:

US$ 154 million

was invested in philanthropic support for the health sector including hospitals and (mobile) clinics, medical equipment, vaccinations, and health campaigns.

A wide range of health insurances and loans for health or medical purposes

are offered, reducing significantly the financial barriers to healthcare services.

Strengthen the means of implementation and revitalize global partnerships for sustainable development

In October 2023, WSBI-ESBG formed a strategic alliance with the

housed by the World Bank, further bolstering our commitment to inclusivity and diversity.

WSBI’s Development Finance Unit Scale2Save

works with development finance institutions to access international financing flows and with grant giving institutions to catalyse grant financing that supports the development of gender and climate smart solutions for greater impact at members.

Reduce inequality within and among countries

WSBI-ESBG members contributed to reducing inequalities by serving youth and rural population:

36 %

of their customers on average are 18 to 34 years old

66 %

of their customers on average, are residing in rural areas.

Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation

WSBI-ESBG members contributed to enhance the access of their customers to financial services:

88 %

of their network contact points are comprised of mobile banking and financial services agents and Point of Sales (POS) reaching last mile customers

Promote sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all

WSBI-ESBG members contributed to the development of the local economy:

1,4 billion

customers are represented by the global WSBI-ESBG network.

US$ 13,5 trillion

in assets are valued by the members.

94 %