Brought to you by:

APRA issues warning on cloud computing

The Australian Prudential Regulation Authority (APRA) is warning insurers to maintain their own risk assessment and management procedures when looking at outsourcing IT services offshore.

A number of financial services companies are looking at the use of “cloud computing” – when IT assets such as hardware, software and data management are hosted outside the company’s locally based operating systems.

The regulator has written to insurers warning that although the use of cloud computing for some services might seem innocuous, the move is a critical part of the ongoing operations of the institution.

“APRA has noted that its regulated institutions do not always recognise the significance of cloud computing initiatives and fail to acknowledge the outsourcing or offshore elements in them,” it says in the letter.

“As a consequence the initiatives are not being subjected to the usual rigour of existing outsourcing and risk management framework and the board and senior management are not fully informed and engaged.”

insuranceNEWS.com.au understands that the ability to control the offshore operations of a company acting outside an Australian institution’s compliance regime is worrying APRA.

The regulator has become concerned the focus is on operational efficiency and cost savings rather than looking at the risk of what happens when something goes wrong.

There would also be issues with bringing back a service and integrating it with the institution’s operating systems again.

APRA says in its letter it will continue to examine any outsourcing arrangements to ensure prudential concerns are addressed by senior management.