To help broaden up the landscape of cloud technology in Pakistan, State Bank of Pakistan has allowed outsourcing to Cloud Service Providers for Banks/DFIs/Microfinance Banks.
Financial Institutions can avail all types of cloud service models including Software as a Service, Platform as a Service and Infrastructure as a Service, etc. from domestic and off-shore Cloud Service Providers.
Financial Institutions can use cloud services for non-core operations and business support processes such as HR Modules, Procurement Functions, Non-Production Environment, Sandboxing, Inventory Management, Supply Chain Management, Office Productivity, Customer Relationship Management Tools, Communication Tools, Security Tools, Computation and Processing Services, Data Analytics and Risk Modeling, Middleware and Payments Processing Services.
All other banking applications and allied infrastructure, which are used to store and process customers’ information relating to deposits, loans and credits and details of balances and transactions in ledger accounts of customers or borrowers, shall not be placed under cloud-based outsourcing arrangements.
Financial Institutions shall ensure that their internal/ external auditors and SBP have the right to conduct an audit and on-site inspection of the CSP or its subcontractor. Further, there should be no restriction or prohibition on visits by audit or SBP staff or such visits are otherwise not impractical.
In case, where audit cannot be conducted for a valid reason(s), Financial Institutions may rely on internationally recognized third party certifications and reports made available by CSP. However, reliance on these third party certifications and reports shall be supported by adequate understanding and review of the scope, the methodology applied therein and the ability of third party and CSP to clarify matters relating to the audit. These reports shall be shared with SBP as and when required.
Internal Controls in Cloud Outsourcing Arrangements
While entering into outsourcing arrangement with CSPs, FI(s) shall ensure that:
- All cloud based outsourcing arrangements are undertaken through legally binding Service Level Agreements (SLAs);
- FI(s)’ data is encrypted at database level, storage level and during network transmission and shall be logically segregated from other data held by the CSPs;
- The arrangement does not contain a lock-in clause. In case of exit from cloud services, FI(s) shall have contractual rights to continue with the arrangement until such time, an FI is able to switch to a substitute arrangement;
- Data transferability and portability from one CSP to another and its purging/ deletion in case of exit;
- CSP complies with SBP’s requirement for provision of data/ information relating to FI(s)’ operations;
- Disclosure of FI(s)’ data to any third-party by CSP is prohibited without approval of FI(s).
- Notwithstanding the instruction contained in section IX (h) of ‘Framework for Risk Management in Outsourcing Arrangements by Financial Institutions’, subcontracting is allowed in outsourcing arrangements with CSPs provided they shall comply with all relevant laws and SBP’s regulations.
I wanted to comment on how the site looks. I like blog like these. I love the way the blog looks. Nice layout.
Recently, I didnt give lots of consideration to leaving comments on site page articles and have placed comments even much less. Reading via your nice posting, will assist me to do so sometimes.
Hey! This is my 1st comment here so I just wanted to give a quick shout out and tell you I really enjoy reading your articles. Can you suggest any other blogs/websites/forums that go over the same subjects? Thanks!
But yeah Many thanks for taking the time to chat about this, I believe strongly about it and actually like learning more on this topic. If doable, as you gain expertise, would you mind updating your webpage with more information? It is extremely helpful for me.
Unquestionably articles & Wonderful a website.
After study few of the articles on your web site today, and I really like your way of blogging. I tag it to my bookmark internet site list and will be checking back soon. Pls visit my internet site also and let me know your thought.
Magnificent beat ! I would like to apprentice at the same time as you amend your web site, how can i subscribe for a weblog site? The account helped me a acceptable deal. I were a little bit familiar of this your broadcast provided vivid transparent idea