SwissBanking
The online magazine of the Swiss Bankers Association
2018/12/12 05:05:00 GMT+1

Navigation

Message
Enabling the cloud

Enabling the cloud

Clarity in terms of how the cloud will become feasible for banks is to be established next year. To achieve this goal, the Swiss Bankers Association (SBA) is working on a checklist for its member institutions in close cooperation with various stakeholders. This should enable a risk-free migration to the cloud, which is a strategic success factor.

The future of the banks lies in the cloud. That is where they can address current and future customer needs agilely and innovatively, for example by using artificial intelligence. It is therefore not surprising that the banks are queuing up at the cloud service providers (CSPs). However, the banks are still shying away from migrating to the cloud.

Doing away with impediments

This reluctance is not due to security concerns. The banks already put those to rest some time ago. Instead, it is much more the uncertainty surrounding how banks can ensure adherence to the legal and regulatory requirements in the new technological environment that lies at the heart of their hesitation.

The Swiss Bankers Association is currently developing a guide for banks in Switzerland to provide clarity on the practical implementation of the requirements. The SBA is aligning the guide’s concrete recommendations with the authorities, CSPs and audit companies. Due to the in part unclear legal situation, this checklist will also take new approaches into account. Considering the short innovation cycles, a principles-based formulation is to also prevent the recommendations from quickly becoming obsolete. The guide is, however, in no way legally binding.

Specific challenges

The hardest nut to crack is bank client confidentiality. Many cloud services are obliged to have an international element for reasons of cost savings through scaling, access to cutting-edge international technology or remote maintenance. It is first and foremost the bank client who benefits from affordable, innovative and secure offerings. According to the current common practice, no customer data in any form is allowed to be kept abroad or be accessible from abroad. This has become a no-go-criterion for every cloud application. In particular, it obscures the fact that the Banking Act contains no such restrictions. Criminal sanctions are imposed only for negligence with regard to bank client confidentiality. In this context, the SBA’s cloud checklist aims to also highlight through which technical, organisational and contractual measures negligence can be avoided.

The hardest nut to crack is bank client confidentiality.

Another issue to be addressed are supervisory requirements, which FINMA must verify for adherence on the cloud. For example, there is a need for clear rules regarding which companies cloud providers work with at their end that could be associated with banking services.

US CLOUD Act – an elephant in the room

The question of who can access bank data in the cloud and under what circumstances must be set out clearly and restrictively. As a means in the fight against crime, the current US administration signed into law an Act that in certain cases permits access to the data of a CSP without a court order. This can even apply to cases in which the data are stored outside the US.

The question of who can access bank data in the cloud and under what circumstances must be set out clearly and restrictively.

The full implications of this US CLOUD Act are not yet clear. Other nations have the possibility of more specifically determining how access is governed and in certain cases, even pre-empted, in an executive agreement. Switzerland will have to negotiate well when it comes to reaching such an agreement with the US.

Much remains to be done

The devil is notoriously in the details. It must therefore be ensured that the guide is designed in a way that is technology and competition-neutral. To ensure the relevance of the guide, its applicability must be verified for a range of use cases. In the end, the goal is also to involve all stakeholders and for them to accept the guide as an expedient tool for the easier migration of the banks to the cloud.

It must therefore be ensured that the guide is designed in a way that is technology and competition-neutral.

The Bankers Association is now taking such considerations on board with the objective of publishing a cloud checklist for the banks in Switzerland next spring. If this is successful, it will be a win for all of Switzerland. If the strictly regulated and closely supervised banks use the cloud, then it can be assumed that from a legal perspective, it is also generally accessible to every other sector.

Add comment

The SBA reserves the right not to publish comments. This applies in particular to comments that are offensive, irrelevant or do not address the topic. It also applies to comments written in dialect or a foreign language (except for French, English and Italian). Comments posted under pseudonyms or obviously false will also not be published.

You can add a comment by filling out the form below. Plain text formatting. Comments are moderated.