APRA rebuffed on risk warning for cloud based services
An online wealth management service provider has rejected suggestions by a corporate regulator that cloud based services are risky claiming the approach was stuck in a time-warp.
PractiFI, which offers online wealth management administration services, stated that comments by the Australian Prudential Regulation Authority (APRA) that global, multi-tenant technology providers were riskier than locally built and hosted systems were 'nonsense'.
The comments come in reply to the release of paper from APRA titled Outsourcing Involving Shared Computing Services (including Cloud) in which the regulator expressed concerns about common risks and assumptions it has seen being made by financial services providers.
APRA stated that based on its observations "it is not readily evident that risk management and mitigation techniques for public cloud arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted".
"APRA's stance aligns with the position of other international financial regulators who also question the appropriateness of transitioning systems of record to a public cloud environment," the paper stated.
APRA also stated that many decisions to use cloud-based services were driven solely by the costs and benefits to the financial services provider without considering the risks.
However these risks could be reduced if groups chose Australian hosted options as this "eliminates a number of additional risks which can impede a regulated entity's ability to meet its obligations".
PractiFI, which uses US based cloud services provider Salesforce, claimed that APRA's approach was that "globalised, multi-tenant technologies are forever trapped as new entrants".
"The stated position¬is that anything that may be used by more than one entity, from more than one location, where the data is outside Australia, is really scary. And somehow everyone in the industry is unable to make an informed choice," said PractiFI co-founder and sales director Adrian Johnstone.
Johnstone asked whether APRA's concerns held true when comparing the ability of small local operators working on a per client basis with that of a global technology provider that handles millions of transactions per day.
“Where it all breaks down, however, is with APRA’s assertion that IT risks are dramatically ramped up when using contemporary outsourced approaches. They just aren’t,” Johnstone said.
“The inference that globalised, multi-tenant technology is inherently riskier than locally-built and hosted systems is nonsense.”
AUTHOR
Jason Spits
Recommended for you
Clime Investment Management has welcomed an independent director to its board, which follows a series of recent appointments at the company.
Ethical investment manager Australian Ethical has cited the ongoing challenging market environment for its modest decrease in assets over the latest quarter.
Commentators have said Australian fund managers are less knowledgeable compared with overseas peers when it comes to expanding their range with ETFs and underestimating the competition from passive strategies.
VanEck is to list two ETFs on the ASX next week, one investing in residential mortgage-backed securities and the other in Indian companies.
