APRA rebuffed on risk warning for cloud based services
An online wealth management service provider has rejected suggestions by a corporate regulator that cloud based services are risky claiming the approach was stuck in a time-warp.
PractiFI, which offers online wealth management administration services, stated that comments by the Australian Prudential Regulation Authority (APRA) that global, multi-tenant technology providers were riskier than locally built and hosted systems were 'nonsense'.
The comments come in reply to the release of paper from APRA titled Outsourcing Involving Shared Computing Services (including Cloud) in which the regulator expressed concerns about common risks and assumptions it has seen being made by financial services providers.
APRA stated that based on its observations "it is not readily evident that risk management and mitigation techniques for public cloud arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted".
"APRA's stance aligns with the position of other international financial regulators who also question the appropriateness of transitioning systems of record to a public cloud environment," the paper stated.
APRA also stated that many decisions to use cloud-based services were driven solely by the costs and benefits to the financial services provider without considering the risks.
However these risks could be reduced if groups chose Australian hosted options as this "eliminates a number of additional risks which can impede a regulated entity's ability to meet its obligations".
PractiFI, which uses US based cloud services provider Salesforce, claimed that APRA's approach was that "globalised, multi-tenant technologies are forever trapped as new entrants".
"The stated position¬is that anything that may be used by more than one entity, from more than one location, where the data is outside Australia, is really scary. And somehow everyone in the industry is unable to make an informed choice," said PractiFI co-founder and sales director Adrian Johnstone.
Johnstone asked whether APRA's concerns held true when comparing the ability of small local operators working on a per client basis with that of a global technology provider that handles millions of transactions per day.
“Where it all breaks down, however, is with APRA’s assertion that IT risks are dramatically ramped up when using contemporary outsourced approaches. They just aren’t,” Johnstone said.
“The inference that globalised, multi-tenant technology is inherently riskier than locally-built and hosted systems is nonsense.”
AUTHOR
Jason Spits
Recommended for you
Bell Financial Group has appointed a chief investment officer who joins the firm from Clime Investment Management.
Private markets funds with “unattractive practices” could find themselves facing enforcement activity with ASIC chair Joe Longo stating he cannot rule it out in the future.
Despite ASIC concerns about private credit funds being accessed via the advised channel, there are questions regarding how high its usage actually is among financial advisers.
Challenger has looked to the superannuation industry for its appointment of a group chief investment officer, a newly-created role.
