The Cloud in the Compliance sky

Recent years have seen a dramatic rise in the popularity of cloud-based computing services. Although cloud computing is not a new concept, its adoption by IT giants such as Microsoft, Amazon and Google has resulted in a wave of such services being introduced to the market. But, despite claims of cost savings, speed of response and reliability, chief technology officers working in financial services firms have generally resisted adopting cloud computing – in part due to the heavy regulatory burden to which systems in the industry are subject. Dan Burge and Anna Doherty explore how FSA rules may impact on the development of cloud computing and consider whether problems are being forced underground.

Dan Burge (dan.burge@snrdenton.com) is a partner with expertise on sourcing and technology issues, while Anna Doherty (anna.doherty@snrdenton.com) is a trainee solicitor, at SNR Denton.

Relevant FSA regulation

Despite the seemingly inexorable rise of cloud computing use, the FSA has not yet issued any direct rules or guidance on its deployment. However, FSA-regulated entities must still comply with the Markets in Financial Instruments Directive (MiFID), implemented in the UK by the Senior Management Arrangements, Systems and Controls (SYSC) Rules. These rules impose strict requirements on financial services organisations, which may conflict with some characteristics of cloud computing services. As yet it is not clear what, if any, view the FSA will take on the application of these rules to cloud computing and as a consequence regulated entities have been unwilling to expose themselves to any unnecessary risks by jumping on the cloud bandwagon.