Banks and large financial service providers offering their services in the European Union are set to face tough new regulations on services that have, or are planning to move to the cloud.
Migrations to the cloud face tough new EU rules
Service providers will have to show how quickly they could recover from a cyber attack as they rely more and more heavily on the benefits of key services being delivered from cloud computing.
EU Regulators are worried about the speed and scale at which banks, insurers and investment firms are moving critical functions and market operations onto a handful of cloud platform giants such as Amazon, Microsoft, Google and IBM.
A glitch at one cloud company could potentially bring down services across many financial firms, regulators have said.
The EU Council, which represents the 27 member states, said it has completed the bloc’s final approval stage for the new Digital Operational Resilience Act, known as DORA.
DORA sets uniform requirements for the security of network and information systems of companies and organisations operating in the financial sector as well as critical third parties which provide ICT (Information Communication Technologies)-related services to them, such as cloud platforms or data analytics services.
DORA creates a regulatory framework on digital operational resilience whereby all firms need to make sure they can withstand, respond to and recover from all types of ICT-related disruptions and threats.
These requirements are homogenous across all EU member states. The core aim is to prevent and mitigate cyber threats.
Banks and other financial firms already have plans for IT security but more was needed so they stay resilient through a severe disruption, said Zbynek Stanjura, finance minister for the Czech Republic, which holds the EU presidency.
“Thanks to the harmonised legal requirements which we adopted, our financial sector will be better able to continue to function at all times,” Stanjura said.
The requirements will apply to financial firms and “critical” third parties supplying cloud based services.
“If a large-scale attack on the European financial sector is launched, we will be prepared for it,” Stanjura said.
The bloc’s securities, insurance and banking watchdogs will write technical rules to implement the new law.
The European Parliament, which had joint say, has already given the green light and the law will come into force around the end of 2024.
Given the ever-increasing risks of cyber attacks, the EU is strengthening the IT security of financial entities such as banks, insurance companies and investment firms.
The post Bank migrations to the cloud face tough new EU rules appeared first on Payments Cards & Mobile.
