Guide to secure cloud banking
Swiss banks are very interested in the subject of cloud computing, but they have so far been reluctant to migrate their data – especially client data – to the cloud. This is because certain questions regarding the legal and regulatory frameworks remain unanswered.
The SBA set up a working group with the aim of creating clarity on these points. With its focus on providing a legally non-binding aid to interpretation in practice, it identified four areas that are of central importance when it comes to migrating to the cloud:
- choosing a cloud provider and its subcontractors
- processing data on bank clients and banking secrecy
- transparency and collaboration between institutions and cloud providers with regard to measures ordered by the authorities and the courts
- auditing the cloud services and the cloud infrastructure used to deliver them
These legally non-binding recommendations in four areas are intended to offer banks in Switzerland a solid foundation on which to ensure compliance in cloud banking. Each institution must decide for itself whether and how it migrates data to the cloud.