NEW CYSEC CIRCULAR C457 adopting ESMA Guidelines on Outsourcing to Cloud Services Providers
On 9 July 2021 the Cyprus Securities and Exchange Commission (“CySEC”) has adopted the Guidelines of the European Securities and Markets Authority (“ESMA”) on Outsourcing to Cloud Services Providers (“CSPs”) (the “Guidelines”).
Firms that must review and follow the new Guidelines are, among others: alternative investment fund managers (AIFMs), management companies of collective investment schemes (ManCos), trade repositories and investment firms (CIFs).
The purpose of the Guidelines is to establish a harmonized framework of uniform and effective practices for firms to follow when outsourcing to CSPs within the European System of Financial Supervision (“ESFS”).
As per the Guidelines:
The Guidelines apply as of 31 July 2021 to all cloud outsourcing arrangements entered into, renewed, or amended on or after this date. Firms are, therefore, required to review and amend their existing cloud outsourcing arrangements to ensure that they are in alignment with the Guidelines by 31 December 2022. In case Firms are not able to meet this deadline on cloud outsourcing arrangements of critical or important functions, they should inform CySEC, together with their plan of action for compliance with the Guidelines.
Authors: Huseyin Erguven, Polyvios Nikolaou