In a report published this week, the Australian Prudential Regulation Authority (APRA) outline the risks that cloud computing and other IT sharing methods pose for banks, as they are increasingly being used for outsourcing.
Outsourcing is when different companies attempt to reduce costs by moving portions of work to external suppliers. The Sydney Morning Herald said that the APRA noticed some discrepancies when banks decided to use this system in order to make greater use of infrastructure maintained by other companies, rather than within the bank itself.
Bank regulator APRA also revealed that cloud computing was being used for higher level services which increased risk for the industry. “Risk-management practices, including risk identification and mitigation techniques, are still maturing for these types of arrangements, elevating the level of risk to APRA-regulated entities,” the report said.
The authority also found that many outsourcing applications for the public cloud were put across with the sole intention of cutting costs, with a lack of attention being paid to data security. The paper consolidated this by saying that risk management techniques had not reached a level of maturity and banks would not be prepared if the system was disrupted, according to The Sydney Morning Herald.
APRA state that further guidance is necessary for future users of cloud computing as outsourced IT continues to grow. Alongside this, if companies begin to implement cloud computing systems, it would encourage banks to update their systems because the smaller businesses would become competitors.
Hugh Harley, PwC financial services leader said that although the APRA were not introducing any new standards, it is making financial institutions aware of the precautions that need to be taken. “I think the main point is that this is an evolving area, so by definition, not all the risks can be known at this stage,” Harley said.
Despite the data protection regulation being implemented in 2018, 69% of IT decision makers don’t have the backing of their board to achieve GDPR compliance, according to Calligo.
The majority of the region’s 28 member states report that the situation has worsened over the past year, reports business management consultant Verisk Maplecroft.
Regulators in the UK, the US and Hong Kong instituted proceedings against more than 1,700 individuals last year, or four times the number of cases brought against companies.
The US Commodity Futures Trading Commission approved LedgerX as the first regulated clearing house for derivatives contracts settling in digital currencies.