APRA rebuffed on risk warning for cloud based services
An online wealth management service provider has rejected suggestions by a corporate regulator that cloud based services are risky claiming the approach was stuck in a time-warp.
PractiFI, which offers online wealth management administration services, stated that comments by the Australian Prudential Regulation Authority (APRA) that global, multi-tenant technology providers were riskier than locally built and hosted systems were 'nonsense'.
The comments come in reply to the release of paper from APRA titled Outsourcing Involving Shared Computing Services (including Cloud) in which the regulator expressed concerns about common risks and assumptions it has seen being made by financial services providers.
APRA stated that based on its observations "it is not readily evident that risk management and mitigation techniques for public cloud arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted".
"APRA's stance aligns with the position of other international financial regulators who also question the appropriateness of transitioning systems of record to a public cloud environment," the paper stated.
APRA also stated that many decisions to use cloud-based services were driven solely by the costs and benefits to the financial services provider without considering the risks.
However these risks could be reduced if groups chose Australian hosted options as this "eliminates a number of additional risks which can impede a regulated entity's ability to meet its obligations".
PractiFI, which uses US based cloud services provider Salesforce, claimed that APRA's approach was that "globalised, multi-tenant technologies are forever trapped as new entrants".
"The stated position¬is that anything that may be used by more than one entity, from more than one location, where the data is outside Australia, is really scary. And somehow everyone in the industry is unable to make an informed choice," said PractiFI co-founder and sales director Adrian Johnstone.
Johnstone asked whether APRA's concerns held true when comparing the ability of small local operators working on a per client basis with that of a global technology provider that handles millions of transactions per day.
“Where it all breaks down, however, is with APRA’s assertion that IT risks are dramatically ramped up when using contemporary outsourced approaches. They just aren’t,” Johnstone said.
“The inference that globalised, multi-tenant technology is inherently riskier than locally-built and hosted systems is nonsense.”
AUTHOR
Jason Spits
Recommended for you
Several wealth management companies have been shortlisted in the second annual Australian AI Awards program, which champions individuals and organisations pioneering Australian AI innovation.
Women are expected to inherit US$124 trillion through the intergenerational wealth transfer, but Capital Group has found they are twice as likely to rely on social media for advice over a financial adviser.
Challenger Investment Management has raised $350 million during the offer period for its new ASX-listed investment structure.
A week after Lonsec downgraded multiple funds from Metrics Credit Partners, rival research house Zenith Investment Partners has opted to retain its ratings for the same funds.
