The online magazine of the Swiss Bankers Association
December 13, 2019


The Bankers Association opens the door to the cloud

The Bankers Association opens the door to the cloud

Banks in Switzerland are making great efforts to prepare for the cloud. They are aware that it is no longer a question of if, but when they will migrate to the cloud. The reason for this is simple: the cloud is a critical factor for the success of the overall economy and the financial sector in Switzerland.

Cloud services facilitate the agile, innovative and cost-effective development of business models. They reduce the need for banks to maintain their own expensive infrastructures. At the same time, they benefit from the speed of the high-performance data centres offered by cloud providers. Smaller banks in particular benefit from these solutions. The cloud thus makes an important contribution to ensuring the continued diversity of the Swiss banking centre in the future.

Secure in the cloud

However, a comprehensive migration to the cloud is not yet taking place at banks in Switzerland. They have been hesitant to migrate their data to the cloud to date because there are still unanswered questions about certain legal and regulatory framework conditions. Two years ago, the Swiss Bankers Association took up the cause of eliminating these uncertainties.

The Cloud Guidelines published by the Bankers Association in March have served as a catalyst. The non-binding recommendations on the correct interpretation of the legal and regulatory framework were very well received. They have found their way into the business set-ups of cloud providers and serve as a guide for consulting firms. The recommendations are even being discussed abroad.

The reason for this success is the broad-based contribution made to the guidelines during their development, but also the flexible and pragmatic interpretations they provide.

Cloud Seminar draws many participants 

WhatsApp Image 2019-11-12 at 11.23.23.jpeg
Banking goes to the cloud

As a complement to these activities, the Bankers Association invited around 150 cloud specialists to the “Banking goes cloud” event in mid-November. The aim was to demonstrate the importance of the cloud for banks and to accelerate secure migration to the cloud through the exchange of information and by discussing solutions. The event successfully brought together expert opinions and explored everyday challenges relating to implementation.

While there is a veritable flood of competing events in many areas of digital financial innovation, there had previously been a gap as regards the cloud. The meeting of representatives from banks and the authorities, cloud providers, lawyers, IT experts and consultants was the first of its kind in the cloud segment and was well received by participants.

Clarification was needed

As expected, the two elephants in the room were the uncertainties in connection with foreign authorities’ access to customer data in the cloud (see box) and bank-client confidentiality. The key insight gained from the event was that it is possible to reduce the relevant risks through specific measures in such a way that the costs of non-migration appear high by comparison. It is therefore expected that the majority of banks will be on the cloud in a few years, even with their customer data.

Swiss authorities need to look into an executive agreement with the US (US CLOUD Act)

The cross-border flow of data is increasing continuously. More and more criminal investigations rely on electronic evidence that is not in the public domain and is held on companies abroad. Facilitating cross-border access to electronic evidence is a new legal necessity that is also being discussed in Switzerland.

The US has for the first time concluded an agreement on the basis of the US CLOUD Act to facilitate access to cross-border electronic evidence. The agreement with the UK was signed at the beginning of October. A similar agreement with the US is also being discussed in Switzerland.

The Swiss Bankers Association supports preliminary clarifications on the negotiations for an executive agreement with the US, provided Switzerland’s requirements for such agreement to ensure adequate protection of its citizens and institutions are met.

To this end, it defines minimum requirements in a position paper. These requirements should apply to international investigations and the disclosure of information. At present, the requirements are:

  • tight restrictions concerning potential addressees, natural persons and legal entities affected and the data and crimes,
  • preservation of the rights of those concerned as well as data and legal protection and
  • protection of bank-client confidentiality.