In meeting with financial institution customers from around the world, the top questions I receive, universally, are the following: What are the regulatory requirements we must meet, and how can you help me in meeting these requirements?
At Microsoft, we are deeply invested in engaging with financial services regulators and customers to understand what regulatory requirements must be satisfied and, further, to build capabilities into our cloud services (Microsoft Azure, Office 365, and Dynamics 365) to help customers meet such requirements. Indeed, as part of these efforts, we have shared perspectives with regulators on how outsourcing requirements should be modernized so they adapt to the scale of cloud computing, which has resulted in positive change to regulatory requirements, including most recently the European Banking Authority’s Draft Guidelines On Outsourcing Arrangements (25 February 2019). At the same time, however, we understand that, from a risk management perspective, customers must be assured of having the same level of protections when it comes to security, privacy, and compliance in using our cloud services.
As a result of these efforts, and with the insights we have learned through this regulatory and industry outreach, Microsoft has created compliance checklists for leading capital markets in over 25 countries from around the globe. We believe these checklists are helpful resources for customers to use when doing risk assessments and mapping regulatory requirements in using our cloud services.
What are these regulatory compliance checklists?
These checklists provide background on the regulatory requirements for outsourcing of IT, which includes use of cloud services:
- They are helpful in providing an overview of the regulatory landscape, including the applicable regulatory requirements, and an explanation of which regulators are responsible for supervising the financial institution.
- The compliance checklists explain in detail the regulatory issues that need to be addressed, including on governance, security, privacy, audits, SLAs, what constitutes material outsourcing, what notification and approvals are required, and what should be addressed concerning business continuity and exit planning.
- The compliance checklists map each of the requirements to Microsoft’s cloud services, including how we operate the service, what information we provide to customers to cross-check what we do, and what commercial commitments we provide.
Why are these needed?
We have learned that customers will only use technology they trust. In the financial services industry, regulatory compliance is a critical component to using IT for key elements of banking and insurance activities. The checklists provide a roadmap for financial services institutions to adopt Microsoft cloud services with confidence that they are meeting the applicable regulatory requirements. The checklists act as:
- A way of understanding the regulatory requirements.
- A way of learning more about how Microsoft cloud services can help financial institutions meet these regulatory requirements.
- A tool for documenting internal compliance.
- A tool that can assist in consultations and notifications with regulators.
We will continue to engage with regulators and customers around the globe to stay vigilant and keep improving our approach to helping with regulatory compliance requirements. For more information and to review a checklist for your specific market, please visit the Microsoft Trust Center.