Cloud-based regulation of the financial industry


  1. Brief description of cloud technologies;
  2. Legal regulation of the use of cloud technologies in the field of finance;
  3. What conditions must be met by financial market participants to protect confidentiality?
  4. How do banks implement cloud technologies in their work?

Cloud-based regulation of the financial industry

Any financial institution strives to offer its customers high-quality and modern service. For this, banks actively cooperate with fintech companies and introduce the latest technological solutions into their work. Among them are cloud technologies, which are designed to speed up data processing many times over. Statistics show the steady growth of the cloud computing market. This trend is observed in Russia and the largest countries of the world with a developed credit and banking system. The capabilities of virtual infrastructure in the finance industry are used to manage sales, marketing, and customer service.

The world's largest manufacturers of applications for banking systems offer software products that use cloud technologies. Such solutions are used to test loads on various elements of the banking system, to model and assess credit risks.

Cloud technologies are in demand not only by banks, but also by companies whose activities are related to investments, the international securities market.

Clouds are classified as public and private. Public virtual services are virtual services that are provided by third parties. Private clouds are computing resources that run in the trusted zone of the corporate network.

Until recently, the only limiting factor for the adoption of cloud technologies was the provision of data security and the lack of clear legal regulation. To date, these issues have practically been resolved thanks to innovations.

Legal regulation of the use of cloud technologies in the field of finance

The regulators that determine the rules for the use of cloud computing in banks and investment companies are a number of structures. Among them are government agencies, the Central Bank, FSTEC, FSB, international payment systems. Among the decrees that directly or indirectly regulate this issue are Federal Laws № 149 ("On information, information technology and information protection"), № 152 ("On personal data"), № 161 ("On the national payment system ").

The Central Bank has developed a number of regulations and industry standards that regulate the procedure for maintaining and storing databases using electronic media, and determine how to protect data from leakage when transferring funds.

The orders of the FSTEC and the methodological recommendations of the FSB are directed to the security of confidential data during their accumulation and processing with the help of information systems.

None of the applicable laws and regulations prohibit the use of cloud computing. Restrictions and work standards are primarily aimed at the safety of collection, storage and transmission of information.

What conditions must be met by financial market participants to protect confidentiality?

Information on security measures is contained in the Order of the FSTEC RF №17, which is based on the Federal Law №152 "On the protection of personal data." If financial market participants work with data, the following requirements must be met:

  1. Access subjects and objects must undergo mandatory authentication and identification.
  2. The software environment should be limited with the mandatory protection of machine storage media of personal data.
  3. It is necessary to continuously monitor the security of personal information using active protection against computer viruses, protection of the virtualization environment and technical means from cyber attacks.
  4. Intrusion detection and response should be continuously monitored. 

How do banks implement cloud technologies in their work?

To build a virtual infrastructure, financial market participants need to conclude an agreement with a cloud provider. Experts emphasize that when signing this agreement, the parties need to decide on the legal aspects of the transaction and its technical support. Typically, the cloud provider is responsible for protecting the virtual environment from external threats such as DDOS attacks, data leaks, and malicious applications. The same applies to updating and configuring software, making changes to the work with personal data in accordance with new legal requirements.

As for the client, his area of ??responsibility includes maintaining security inside the virtual machines provided for operation.

Lawyers of A4 Law Firm have a narrow specialization related to the implementation of IT technologies in modern business. We will advise clients on the application of specialized regulatory legal acts, help to competently draw up a contract or amend existing documentation.


Актуальные новости и статьи

Copyright protection for software and computer games is an issue that lawyers often face in connection with the active development of the gaming industry. Computer games are complex objects of intellectual property. Even if the developer registers a trademark and files a patent, some elements can still be used by third parties. The least protected objects include source code, game characters, music, graphics.
Узнать подробнее
Due to the development of cryptocurrencies and the growth of their value, legislators in many countries pay close attention to them and develop appropriate regulation. At the moment, Estonia is one of the most attractive jurisdictions for doing cryptocurrency business.
Узнать подробнее
A marketplace is an online platform designed for buying and selling goods. The marketplace acts as an intermediary between the buyer and seller, providing them with a convenient platform for placing goods and buying them.
Узнать подробнее
With the development of pop culture, the layer of its influence on society increases. At the time of 2021, there is a huge fan base, divided into societies, depending on their favorite work. Accordingly, in order to express their own creative potential, the fan base expresses it in the form of their own interpretation.
Узнать подробнее
Gibraltar is a British Overseas Territory located on the border of Europe and Africa and is an extremely attractive jurisdiction. Gibraltar is currently in the stage of economic growth, attracting a large number of investments from all over the world. Also, this jurisdiction is considered one jurisdiction with a high level of confidentiality and a fairly moderate tax regime. The first step in transferring your assets to Gibraltar is to set up a company. This is quite simple to do compared to other offshore jurisdictions.
Узнать подробнее
In the legislation of the Russian Federation, there is no mandatory requirement for registration of copyright. Copyright arises at the time of creation of the object, therefore, there is no obligation to legally enforce the right. Despite this, attribution disputes are not uncommon for courts, and a deposit procedure exists to avoid lengthy litigation.
Узнать подробнее
In connection with the general transition to online, business owners are increasingly faced with the need to create a website. Online business presentation increases your sales and brand awareness. At the same time, you should take a responsible attitude to the legal registration of relations with the developers of the site, since mistakes in drawing up a contract can lead to extremely negative consequences.
Узнать подробнее
When deciding to block a site, government agencies are required to act in accordance with Federal Law No. 149. This law provides a large number of grounds for blocking any resource. Article 15.1 149-FZ and Decree of the Government of the Russian Federation of October 26, 2012 No. 1101 establish a list of bodies authorized to make a decision on blocking a site, and also introduces a register of sites containing information prohibited in Russia. Any resource for which such a decision has been made is included in this register. Inclusion of a site in such a register means restricting access to it in Russia. Internet providers rely on this registry and, when any site gets there, they suspend access to it.
Узнать подробнее
By pressing the subscribe button I agree to the  Privacy Policy
г.Москва г. Москва, Новоданиловская наб., дом 6, корп. 1, БЦ "Данилов плаза" +7 (499) 841-05-05