The Financial Conduct Authority (FCA) has published its guidance on adopting the “cloud” (the FCA Guidance). This is applicable to all regulated firms, including those (banks and insurers) which are dual-regulated by the Prudential Regulation Authority (PRA). Whilst the PRA has not published its own guidance on the cloud, dual-regulated firms will need to be cognisant of both PRA and FCA rules and guidance (where they exist) in considering cloud services. We use the term “rules” throughout to indicate both FCA and PRA rules. This guide summarises our key privacy and security features and shows how Microsoft enterprise cloud offerings help firms meet the core “outsourcing” regulatory requirements in the UK. In particular, it explains how Microsoft’s services align with the FCA Guidance.
Microsoft aims to make the required regulatory due diligence process easier for customers by collaborating with them throughout the outsourcing cycle. We offer a wide range of information designed to aid due diligence through the Trust Center and the Service Trust Portal (which customers can access through the Trust Center), as well as tailored contractual provisions to help meet the regulatory obligations of the outsourcing cycle. Many of our customers are global entities and, given our size and reach, we are able to offer assistance across multiple jurisdictions.