Compliance for financial services operators in Europe
Cloud services enable European financial services operators to benefit from infrastructures and platforms that offer high availability, integrity, portability and data privacy. In order to take into account this change in usage, financial services sector regulators in Europe have established new standards to provide additional guarantees in terms of security, resilience and reversibility for cloud providers operating for industry players.
The European Banking Authority (EBA) has published guidelines for managing outsourcing contracts. These guidelines have been in effect since September 2019, and they apply to credit institutions, investment firms, payment institutions and fin tech. These guidelines enable an outsourcing policy to be implemented with a centralised control approach.
Guidelines on outsourcing arrangements (PSEE) are regulated by the French Supervisory and Resolution Authority, attached to the Banque de France (central bank of France). Cloud services used by financial sector players fall into this category, allowing financial services institutions to reduce costs and risks, while improving the quality and flexibility of their services.
OVHcloud implements a policy of extending its compliance policy to meet the needs of financial services operators across all of the geographical regions in which it delivers services. It focuses on achieving this primarily in Europe. Progress varies depending on the territory. We recommend contacting your sales representative if you have specific requests.
Requirements for financial services operators
To subscribe to an OVHcloud service that complies with the EBA or ACPR (outsourcing guideline) regulations, the customer must first have signed up to a Business or Enterprise level of support for the corresponding service, and accepted the specific “OVHcloud Financial Addendum” contract appendix for this sector. Please contact our sales department.
Certifications and reports
Our customers can request access to our certifications and reports. They may also obtain documents relating to our certifications under certain conditions.
We only authorise audits carried out by third parties for the purpose of certifying all relevant parties. Please contact our sales department to access this type of service.