APRA rebuffed on risk warning for cloud based services
An online wealth management service provider has rejected suggestions by a corporate regulator that cloud based services are risky claiming the approach was stuck in a time-warp.
PractiFI, which offers online wealth management administration services, stated that comments by the Australian Prudential Regulation Authority (APRA) that global, multi-tenant technology providers were riskier than locally built and hosted systems were 'nonsense'.
The comments come in reply to the release of paper from APRA titled Outsourcing Involving Shared Computing Services (including Cloud) in which the regulator expressed concerns about common risks and assumptions it has seen being made by financial services providers.
APRA stated that based on its observations "it is not readily evident that risk management and mitigation techniques for public cloud arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted".
"APRA's stance aligns with the position of other international financial regulators who also question the appropriateness of transitioning systems of record to a public cloud environment," the paper stated.
APRA also stated that many decisions to use cloud-based services were driven solely by the costs and benefits to the financial services provider without considering the risks.
However these risks could be reduced if groups chose Australian hosted options as this "eliminates a number of additional risks which can impede a regulated entity's ability to meet its obligations".
PractiFI, which uses US based cloud services provider Salesforce, claimed that APRA's approach was that "globalised, multi-tenant technologies are forever trapped as new entrants".
"The stated position¬is that anything that may be used by more than one entity, from more than one location, where the data is outside Australia, is really scary. And somehow everyone in the industry is unable to make an informed choice," said PractiFI co-founder and sales director Adrian Johnstone.
Johnstone asked whether APRA's concerns held true when comparing the ability of small local operators working on a per client basis with that of a global technology provider that handles millions of transactions per day.
“Where it all breaks down, however, is with APRA’s assertion that IT risks are dramatically ramped up when using contemporary outsourced approaches. They just aren’t,” Johnstone said.
“The inference that globalised, multi-tenant technology is inherently riskier than locally-built and hosted systems is nonsense.”
AUTHOR
Jason Spits
Recommended for you
Pitcher Partners has urged caution about the use of private credit funds, despite a widespread push by fund managers on the benefits of the products.
Just one day after Selfwealth received a “highly attractive” acquisition bid from Bell Financial Group, it has received a second non-binding indicative proposal from a rival.
With nearly one-third of financial advisers utilising Australian Ethical’s investment options, expanding its advised channels remains a key focus for the firm.
The firm has looked overseas to tap Lucinda Hill for the newly created role of executive general manager, product and operations, as it looks to expand into the US.
