ESMA: Guidelines on outsourcing to cloud service providers

12 May 2021

These guidelines aim to help firms and competent authorities identify, address and monitor the risks/challenges arising from cloud outsourcing arrangements, from making the decision to outsource, selecting a cloud service provider, monitoring outsourced activities to providing for exit strategies.

These guidelines are based on Article 16(1) of the ESMA Regulation. The objectives of these guidelines are to establish consistent, efficient and effective supervisory practices within the European System of Financial Supervision (ESFS) and to ensure the common, uniform and consistent application of the requirements referred to in Section 1.1 under the heading ‘What?’ where firms outsource to CSPs.

ESMA

© ESMA