These statements are alligned with all members of the ECUC.
What is the ECUC?
ECUC is an interest group for European Financial Institutions in Cloud related questions. The ECUC was founded in January 2021 and has currently 25 members from nine European countries.
What are the objectives of ECUC?
The ECUCs objective is to promote regulatory compliant use of public cloud in the European financial industry through technology standardization, developing common solutions and dialogue with the Cloud Service Providers (CSPs).
Who can become a member of ECUC?
The ECUC is open for any supervised/regulated European Financial Institution interested in using public cloud technology.
“You have recently published requirements in your Position Paper. What exactly is it about?“
The Position Paper addresses requirements, which will help the European financial industry to use public cloud in a compliant and efficient way. This includes security and data protection requirements, standard contractual clauses, requirements for portability of systems and potential exit strategies.
– Dirk Thomas, Commerzbank AG
How are institutes currently using cloud?
Financial institutions apply various deployment models of cloud services (public, hybrid, private) with a large variety of implementations from applications. These have been developed directly using platforms from CSPs to platforms that have been migrated from onsite to cloud.
“Is the coalition concerned that European regulatory and data protection standards are currently not adequately implemented by non-European cloud providers?“
In discussion with the CSPs, the ECUC strives to achieve uniform and off-the-shelf technical measures and service to achieve simpler implementations. It is however up to each institution to implement technical measures and to set-up services to ensure compliance with regulatory and data protection standards.
– Torsten Sämann, Deutsche Kreditbank AG
Is the ECUC asking for regulatory relief?
Regulatory relief is not an ECUC objective. Rather the ECUC wants to foster the implementation of regulatory and data protection requirements at cloud service providers. The same requirements for all institutes do not imply that every institute has to find an individual solution to save resources for banks and CSPs.
What is ECUC’s position towards US-American CSPs?
The ECUC wants to find a common position on cloud services needed for the financial industry. In particular, these services must comply with data protection, security and other regulatory requirements. If the compliant services are requested by a substantial part of the industry, CSPs will be required to provide them. There are no competitive disadvantages for US providers as the same requirements must also be fulfilled by European CSPs.
“How does the ECUC address the EBA guidelines?“
To use cloud services, the EBA guidelines for outsourcing must be fulfilled. The ECUC would like to develop recommendations for a practical implementation of these guidelines that also include reasonable exit strategies.
– Andreas Widegren, Swedbank AB
What about Gaia-X when you have the ECUC now?
Gaia-X and ECUC are not in any competition, but instead have similar goals.
The ECUC aims to develop requirements that apply to all CSPs hence to Gaia-X as well. Members and all other institutes are free to choose a provider with the greatest value to them and their customers.
Will the coalition recommend that the standards / best practices it formulates for the use of cloud technologies will be formally adopted by EU regulators?
The ECUCs first objective is to develop a joint position and approach for the use of public cloud computing by financial institutes that help to comply with the existing regulation. However, as a second step, the ECUC aspires to initiate discussions with regulators to contribute to the further development of technology regulation in the financial sector.