SINGAPORE – Media OutReach – 9 July 2021 – Asia Cloud Computing Association (ACCA) released its 2021 report on the financial services sector, Better on the Cloud – Financial Services in Asia Pacific. This is the third iteration of this report, examining the nuances of cloud and technology adoption by the Asia Pacific financial services sector.
The report examines eleven Asia Pacific markets, looking at the digital transformation accrued by jurisdictions which have facilitated greater cloud adoption within their financial sectors. The report reviews developments and policy adjustments made by regulators to work with financial institutions (FIs) and cloud service providers (CSPs) – adjustments which unlock the enabling power of cloud as a key support technology for FI business objectives, and risk management.
- Recommendation #1 – Governments have publicly affirmed the adoption of public cloud for financial institutions (FIs).
- Recommendation #2 – Regulations should set out clear and not unduly burdensome processes for FIs to follow when adopting cloud services.
- Recommendation #3 – Regulations should not require regulatory prior approval for implementation of cloud services for each workload.
- Recommendation #4 – Regulations should be risk-based and clearly differentiate applicability to material and non-material workloads and for non-material workloads requirements should be minimal.
- Recommendation #5 – Regulations should have a clear distinction between control vs processing of data.
- Recommendation #6 – Geographic Restrictions: (a) Regulations should permit the cross-border transfer of data, and (b) Regulations should not require data to be stored in a specific geography.
- Recommendation #7 – Regulations should not prescribe terms of cloud contracts.
- Recommendation #8 – Regulations should not create a right to government for unrestricted physical audit access rights to CSP facilities.
- Recommendation #9 – Regulations and regulators are neutral as to foreign or domestic CSPs.
- Recommendation #10 – Regulations promote a risk-based approach to effective operational resiliency, which may include non-mandatory guidance encouraging the FI to consider business continuity and disaster recovery planning, geographic diversity, reversibility, exit planning, and vendor choice, among other factors.
Strengths and Opportunities for Regulatory Improvement
“From the report’s analysis, the leading markets have fully achieved most, if not all of our recommendations,” said Eric Hui, Chair of the ACCA, noting the improvements in APAC’s pro-cloud policies. “Financial regulators in Australia, Philippines, Singapore and Japan have made strong positive statements, or through their guidance, clearly support the adoption of cloud computing by FIs.”
However, there are opportunities for regulatory enhancement, to increase clarity and reduce cloud deployment times. “Beyond the leading regulators, there is a group of markets where the shift to cloud is more challenging because some regulatory requirements may tend to impede cloud adoption and technological innovation in the FIs,” adds Lim May-Ann, Executive Director of the ACCA. “There are variations on why this is the case for each of these markets, and this report provides a deep dive market analysis to examine market nuances further.”
One such nuance is the requirements for a regulatory approval or notice of no-objection from the financial regulator when deploying cloud technology. “In some markets the regulator requires approval or a notice of non-objection for each occasion an FI intends to place a workload on a cloud service, and this process can be highly repetitive, lengthy and opaque, which can impede cloud deployment,” observes Bojan Obradovic, Head of Cloud Services, HSBC, a member of the ACCA. “Regulators should consider the FI’s risk-based analysis – and how the standards, best practices and certifications of a CSP align with objectives.”
The report is available for free download at https://www.asiacloudcomputing.org. Markets covered include Australia, Hong Kong, India, Indonesia, Japan, Malaysia, Philippines, Singapore, South Korea, Taiwan, Thailand – along with two global benchmark jurisdictions markets, the United Kingdom and the United States of America (federal, and New York state.)
About Asia Cloud Computing Association (ACCA)
The ACCA is the apex industry association for Asia Pacific stakeholders in the cloud computing ecosystem. We represent a vendor-neutral voice of the private sector to government and other stakeholders, with the mission to accelerate the adoption of cloud computing through Asia Pacific by helping to create a trusted and compelling market environment, and a safe and consistent regulatory environment for cloud computing products and services.
#AsiaCloudComputingAssociation #ACCA
