APRA rebuffed on risk warning for cloud based services
An online wealth management service provider has rejected suggestions by a corporate regulator that cloud based services are risky claiming the approach was stuck in a time-warp.
PractiFI, which offers online wealth management administration services, stated that comments by the Australian Prudential Regulation Authority (APRA) that global, multi-tenant technology providers were riskier than locally built and hosted systems were 'nonsense'.
The comments come in reply to the release of paper from APRA titled Outsourcing Involving Shared Computing Services (including Cloud) in which the regulator expressed concerns about common risks and assumptions it has seen being made by financial services providers.
APRA stated that based on its observations "it is not readily evident that risk management and mitigation techniques for public cloud arrangements have reached a level of maturity commensurate with usages having an extreme impact if disrupted".
"APRA's stance aligns with the position of other international financial regulators who also question the appropriateness of transitioning systems of record to a public cloud environment," the paper stated.
APRA also stated that many decisions to use cloud-based services were driven solely by the costs and benefits to the financial services provider without considering the risks.
However these risks could be reduced if groups chose Australian hosted options as this "eliminates a number of additional risks which can impede a regulated entity's ability to meet its obligations".
PractiFI, which uses US based cloud services provider Salesforce, claimed that APRA's approach was that "globalised, multi-tenant technologies are forever trapped as new entrants".
"The stated position¬is that anything that may be used by more than one entity, from more than one location, where the data is outside Australia, is really scary. And somehow everyone in the industry is unable to make an informed choice," said PractiFI co-founder and sales director Adrian Johnstone.
Johnstone asked whether APRA's concerns held true when comparing the ability of small local operators working on a per client basis with that of a global technology provider that handles millions of transactions per day.
“Where it all breaks down, however, is with APRA’s assertion that IT risks are dramatically ramped up when using contemporary outsourced approaches. They just aren’t,” Johnstone said.
“The inference that globalised, multi-tenant technology is inherently riskier than locally-built and hosted systems is nonsense.”
AUTHOR
Jason Spits
Recommended for you
The possibility of a private credit ETF is looking unlikely for now with US vehicles seeing limited uptake, according to commentators, but fixed income alternatives exist that can provide investors with a similar return.
Ahead of the approaching end of the financial year, State Street has shared five tips for advisers who are using ETFs in their client portfolios.
The use of active ETFs in model portfolios by financial advisers is a key factor in the growth of the products for iShares, according to BlackRock.
Global asset manager BlackRock has identified bringing private markets to the wealth channel as a key business area for the firm that could generate US$500 million in revenue in the future.
