Follow Us

Follow us on Twitter  Follow us on LinkedIn
 

28 March 2019

EIOPA calls for principle based regulation of cloud computing


The European Insurance and Occupational Pensions Authority published its Report on "Outsourcing to the Cloud: EIOPA's Contribution to the European Commission Fintech Action Plan".

The European Commission's FinTech Action Plan requested that the European Supervisory Authorities (ESAs) explore the need for guidelines on outsourcing to cloud service providers by the end of the first quarter of 2019.

In the European financial regulatory landscape, the purchase of cloud computing services falls within the broader scope of outsourcing. For the (re)insurance sector, the current Solvency II regulatory framework includes measures on outsourcing to ensure it does not impact the financial stability and policyholder protection objectives of the framework. EIOPA's guidelines on System of Governance provide some further principle based guidance.

Cloud computing is a fast developing service. Based on a survey conducted by the National Supervisory Authorities (NSAs), it is not yet extensively used by (re)insurance undertakings. It is used mainly by newcomers, within a few market niches and by larger undertakings for non-critical functions. However, as part of their wider digital transformation strategies many European large (re)insurers are expanding using the cloud.

While cloud computing falls under existing regulatory measures on outsourcing, current guidance on these measures, including at the national level, is not homogenous. At the same time, the majority of the NSAs responsible for both banking and (re)insurance supervision are considering the Recommendations issued by the European Banking Authority (EBA), which have been integrated into further Guidelines on outsourcing arrangements as a reference for the management of cloud outsourcing.

The results of the survey confirm the alignment of the usage of cloud computing services by (re)insurance undertakings to the banking sector. This is also true for the risks arising from the usage of cloud computing by (re)insurance undertakings, with few minor (re)insurance specificities.

In order to avoid potential regulatory arbitrage and to support market participants in the course of the first half of 2019 EIOPA has concluded in favour of developing Guidelines on Cloud Outsourcing, building on the substance of the EBA Recommendations. EIOPA will seek stakeholders' input via a public consultation and a roundtable discussion with the aim to issue the final guidelines by the end of 2019.

Full information

Report



© EIOPA


< Next Previous >
Key
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information



Add new comment