The Banking Supervision Department is making it easier for the banks to use public cloud technology
- In view of the advantages in cloud computing technology and accumulated experience, the Banking Supervision Department is enabling banking corporations to implement cloud computing technology without obtaining a permit in advance from the Department.
- The banking corporation’s board of directors and management must increase their involvement in cloud computing technology applications, and the use of such technology requires the proper management of the risks inherent in it.
The Banking Supervision Department is encouraging the banking corporations to implement innovative technologies while properly managing their risks, including cloud computing technology. The applications of this technology enable the banking corporations to advance the rapid development of innovative products through cooperation with Fintech companies; to improve flexibility and response time in the development of new products (Time-To-Market - TTM); to improve service to customers; to reduce development and operating expenses, thereby contributing to greater efficiency; and more.
In view of these advantages, the use of cloud computing technology by financial companies around the world has grown, in areas such as customer relations management (CRM), human resources management, development of innovative products for the corporation and its customers, and so forth. Global assessments are that this trend is expected to continue. In Israel, there is a marked trend of increasing use of cloud computing technology by banking corporations. The Banking Supervision Department is considered a pioneer in that the first guidelines published regarding cloud computing, back in 2015, enabled the banking corporations to implement this technology gradually and cautiously.
In view of this and the accumulated experience, and similar to the directives issued by parallel supervisory authorities around the world, the new directive/amendment makes it easier for the banking corporations by cancelling the need to request a permit in advance from the Banking Supervision Department before implementing cloud technology, for certain applications such as storing the banking corporation’s and/or customer’s sensitive information on the cloud. The directive shifts the responsibility for risk management to the banking corporation, and strengthens the involvement of the board of directors and senior management. The revised directive relates to cloud computing applications that the board of directors must approve pursuant to the bank’s policy as “material cloud computing”. The bank’s policy must define these applications, as well as applications for which management’s approval is required. In addition, the banking corporations will be required to send an updated list of cloud applications and a list of future cloud applications to the Banking Supervision Department once a year.
The revised directive still does not allow the use of cloud computing technology for core activities and/or core systems. However, in exceptional cases, the Supervisor of Banks will be able to approve such use, for instance in case of the establishment of a new digital bank.