Model terms required for cloud service agreements with European banks
An interest group of EU banks formed to help European financial institutions with the use of public cloud technology recently suggested model terms for the compliant use of cloud technology.
On 17 May 2021, the European Cloud User Coalition (“ECUC”), an EU banking interest group formed to help European financial institutions (“FIs”) with their use of public cloud technology, published a position paper with proposed solutions to challenges related to cloud technology compliance.
The proposals provide guidelines on how to deal with the requirements of outsourcing, risk management, data security and data privacy applicable to agreements between FIs and cloud service providers (“CSPs”) and include points that require model terms for cloud service agreements.
The relevant privacy, security and risk management requirements described in the position paper serve as the basis for its suggested requirements on standard contractual clauses.
The position paper suggests that the legislature or regulatory agencies address five areas with binding model terms: (i) FI audit rights; (ii) subcontracting by the CSP; (iii) limitations on unilateral changes to contractual terms through embedded URLs and standardized provisions in service level agreements on service availability, performance metrics, reporting, and communication channels; (iv) classification of CSPs as controllers or processors; and (v) insurance coverage.
In addition, the position paper recommends clarifications on the scope and application of the recently proposed Digital Operational Resilience Act (“DORA”), including alignment with existing standards.
FIs should consider the requirements for outsourcing, risk management, data security, and data privacy, as well as the position paper's model terms, as a checklist for their own cloud service agreements. They should also confirm that they adequately address the operational and legal risks associated with these agreements. In addition, the DORA points provide FIs with an initial view of the areas affected by DORA implementation.
The position paper is open for consultation over the next three months. The consultation phase serves to gather feedback from CSPs, regulatory bodies and other regulated institutions, which will be incorporated into the next version of the document.
We will keep you informed of developments related to the use of cloud computing services by FIs.
The content of this article is intended to provide general guidance on the subject. You need to seek specialized advice on your specific circumstances.