How should financial market participants deal with their outsourcing of data services to providers across the internet, so that it doesn’t compromise security? Now ESMA asks them what they think.

The consultation paper, published last week, is a step in the process to establish guidelines to provide “guidance on the outsourcing requirements applicable to financial market participants when they outsource to cloud service providers. In particular, they aim to help firms and competent authorities identify, address and monitor the risks and challenges that arise from cloud outsourcing arrangements,” writes the European Securities and Markets Authority (ESMA).

The proposal covers, among many aspects, what governance, documentation, oversight and monitoring mechanisms firms should have in place, and what due diligence should be performed ahead of outsourcing. Another topic is how competent authorities should supervise the outsourcing arrangements.

“Financial markets participants should be careful that they do not become overly reliant on their cloud services providers.. They need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit the cloud outsourcing arrangement as and when necessary,” says ESMA chairman Steven Maijoor in a press release.

The deadline for response, by those who want to make their voices heard, is 1 September.

(Photo: Tom Barrett / Unsplash)