Financial Regulatory Requirements

European Banking Authority (EBA)

EBA is an independent EU Authority which works to ensure effective and consistent prudential regulation and supervision across the European banking sector. Its overall objectives are to maintain financial stability in the EU and to safeguard the integrity, efficiency and orderly functioning of the banking sector.


EBA Guidelines on ICT and security risk management: Released by EBA on November 29, 2019. These draft Guidelines establish requirements for credit institutions, investment firms and payment service providers (PSPs) on the mitigation and management of their information and communication technology (ICT) risks and aim to ensure a consistent and robust approach across the Single market.


EBA Guidelines on outsourcing arrangements: Released by EBA on February 25, 2019. These Guidelines provide a clear definition of outsourcing and specify the criteria to assess whether or not an outsourced activity, service, process or function (or part of it) is critical or important.

European Securities and Markets Authority (ESMA)

ESMA is an independent EU authority whose purpose is to enhance investor protection, promote orderly financial markets, and safeguard financial stability.


Outsourcing Guidelines to cloud service providers: Released by ESMA on May 10, 2021. The objectives of these guidelines are to establish consistent, efficient, and effective supervisory practices within the European System of Financial Supervision (ESFS) and to ensure the common, uniform, and consistent application of the requirements. In particular, these guidelines aim to help firms and competent authorities identify, address, and monitor the risks and challenges arising from cloud outsourcing arrangements, from making the decision to outsource, selecting a cloud service provider, monitoring outsourced activities to providing for exit strategies.

European Insurance and Occupational Pensions Authority (EIOPA)

EIOPA is at the heart of insurance and occupational pensions supervision in the EU. Its mission is to protect the public interest. EIOPA does this by helping ensure the short-, medium- and long-term stability and effectiveness of the financial system for the EU's economy, businesses and people.



Guidelines on outsourcing to cloud service providers: Released by EIOPA on January 31, 2020. It sets out the final text of the EIOPA Guidelines on outsourcing to cloud service providers.


Guidelines on information and communication technology security and governance: Released by EIOPA on October 8, 2020. The objective of these Guidelines is to:

a) Provide clarification and transparency to market participants on minimum expected information and cybersecurity capabilities.

b) Avoid potential regulatory arbitrage.

c) Foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management.

Central Bank of Ireland

The Central Bank of Ireland is a financial service regulator of the Republic of Ireland. It supervises credit institutions, securities markets and brokers, fund managers, payment service providers, investment companies, and insurance and reinsurance companies. Its mission is to serve the public interest by safeguarding monetary and financial stability and by working to ensure that the financial system operates in the best interests of consumers and the wider economy.


Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks: Issued by the Central Bank of Ireland in September 2016, it sets out guidance on information technology ("IT") and cybersecurity governance and risk management for regulated firms in Ireland. The guidance also articulates some observations that combine practices of regulatory work undertaken by the central bank during 2015 and 2016 to assess operational, governance, and strategic risks related to IT and cybersecurity in regulated firms. The guidance sets out the current thinking of the central bank as to best practices that regulated firms should use to develop effective IT and cybersecurity governance and risk management frameworks.


Cross Industry Guidance on Outsourcing: Issued by the Central Bank of Ireland in December 2021, it outlines the bank's expectations in outsourcing risk management for regulated financial service providers (RFSPs or firms) to promote higher standards of operational resilience.

The Bank of Spain (Banco de España)

The Bank of Spain is the national central bank responsible for regulating Spanish banks. Under the framework of the Single Supervisory Mechanism (SSM), the Bank of Spain along with the European Central Bank is the regulator of the Spanish banking system. Its activities are regulated by the Law of Autonomy of the Bank of Spain.


The Bank of Spain has confirmed its intention to apply EBA Guidelines on ICT and security risk management and EBA Guidelines on outsourcing arrangements, issued by European Banking Authority (EBA) on February 25, 2019, in Spain.

The Hungarian National Bank (Magyar Nemzeti Bank)

The Hungarian National Bank, or Magyar Nemzeti Bank (MNB) in Hungarian, is the regulatory body of Hungarian financial markets and a member of the European System of Central Banks. MNB oversees credit institutions, securities markets and brokers, fund managers, payment service providers, investment companies, and insurance and reinsurance companies. The primary objective of MNB is to achieve and maintain price stability and use monetary policy to support the government's economic policy.


Government Decree 42/2015 (III.12.) on protecting the information system of financial institutions, insurance undertakings, reinsurance undertakings, investment firms and commodity dealers: Issued by the Hungarian government on January 1, 2016, it outlines supervision measures, data protection controls, information security certification procedures, and system integrity inspection and control regulations for protecting the security of information systems of financial institutions, insurance undertakings, reinsurance undertakings, investment firms, and commodity dealers.

The National Bank of Romania (Banca Națională a României)

The National Bank of Romania (NBR) is the central bank of Romania. Its main objective is to ensure and maintain price stability and support the general economic policy of the government. The main tasks of NBR are to develop and implement the monetary and exchange rate policies, to authorize, regulate, and prudently supervise credit institutions, and to promote and oversee smooth operations of the payment systems to ensure financial stability.


Regulation no. 3/2018 on the monitoring of financial market infrastructures and payment instruments: Issued by the National Bank of Romania on August 1, 2018, it sets out requirements on the authorization and supervision of the financial market infrastructure and its managers and participants, as well as the circulation, issuance, and supervision of payment instruments, and payment service providers.


Instructions from 20.01.2020 on outsourcing: Issued by the National Bank of Romania on January 20, 2020, they clarify that payment institutions and electronic money institutions should consider adopting EBA Guidelines on outsourcing arrangements released by the European Banking Authority (EBA) on February 25, 2019.

Federal Financial Supervisory Authority

The Federal Financial Supervisory Authority is the German financial industry regulator that centrally regulates banks and financial service providers, insurance companies and securities transactions. Its main objective is to ensure the proper functioning, stability and integrity of the German financial system.


BaFin Guidance on Outsourcing to Cloud Service Providers: Officially released in November 2018. It provides guidance for BaFin and Deutsche Bundesbank to financial institutions on the risk control assessment process and key contract elements for cloud service providers when adopting cloud services.


Circular 10/2017 on The Banking Supervisory Requirements for IT: First released on November 6, 2017 and revised in August 2021, it provides a flexible and practical framework for institutions' technical and organizational resources, especially in IT resource management, information risk management, and information security management.


Circular 11/2019 on Supervisory Requirements for IT in Capital Management Companies: This circular was officially released in October 2019. The circular covers the technical and organizational resources of German capital managers, in particular IT resource management and IT risk management. In addition, it specifies requirements related to organizational requirements, risk management and outsourcing to determine minimum regulatory requirements for information technology for German capital managers.


Circular 10/2018 on Supervisory Requirements for IT in Insurance Undertakings: Officially released in November 2018. Based on the German Insurance Supervision Law, this circular describes the technical and organizational resources that BaFin considers appropriate as IT systems, especially the requirements on information security and information risk management.

FAQs About the European Financial Industry


  • Can European financial institutions use Huawei Cloud?

    Huawei Cloud has been launched in Europe. Financial institutions can purchase and use Huawei Cloud products and services after registering on the Huawei Cloud website. However, when using Huawei Cloud services, financial institutions must comply with all applicable laws and regulatory requirements.

  • How does Huawei Cloud comply and help me comply with EBA's Guidelines on ICT and security risk management?

    On November 29, 2019, the European Banking Authority (EBA) published the Final report on the guidelines on ICT and security risk management to establish requirements for credit institutions, investment firms, and payment service providers (PSPs) on the mitigation and management of ICT and security risks. These guidelines cover information security, ICT operations, ICT project change and management, and business continuity.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 5 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements in the EBA's guidelines and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with EBA's Guidelines on outsourcing arrangements?

    On February 25, 2019, EBA released Guidelines on outsourcing arrangements. These guidelines provide a clear definition of outsourcing and specify due diligence, contract phases, data and system security, access, information, and audit rights, requirements for termination rights and supervision of outsourced functions.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 6 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements in the EBA's guidelines and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with ESMA's Guidelines on outsourcing to cloud service providers?

    On May 10, 2021, the European Securities and Markets Authority (ESMA) launched Guidelines on outsourcing to cloud service providers. These guidelines specify requirements on pre-outsourcing analysis and due diligence, key contract elements, information security, exit policies, access and audit permissions, and secondary outsourcing.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 7 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with EIOPA's Guidelines on outsourcing to cloud service providers?

    On January 31, 2020, the European Insurance and Occupational Pensions Authority (EIOPA) released the Guidelines on outsourcing to cloud service providers. These guidelines specify the requirements on due diligence, contracts, access and audit rights, data and system security, sub-outsourcing of critical or important operational functions or activities, monitoring and supervision of cloud outsourcing arrangements, termination rights, and exit strategies.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 8 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with EIOPA's Guidelines on information and communication technology security and governance?

    On October 8, 2020, the European Insurance and Occupational Pensions Authority (EIOPA) released Guidelines on information and communication technology security and governance. These guidelines cover logical security, personal safety, ICT operation security, security monitoring, information security review, evaluation, and testing, ICT operation management, ICT incident and problem management, ICT system acquisition and development, business impact analysis, business continuity planning, response and recovery planning, plan testing, and crisis communication.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 9 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with Ireland's Cross Industry Guidance in Respect of Information Technology and Cybersecurity Risks?

    In September 2016, the Central Bank of Ireland published Cross Industry Guidance in respect of Information Technology and Cybersecurity Risks, which sets out the requirements on risk management, cyber security, and IT system and service outsourcing.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 10 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements in this guidance and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with Ireland's Cross-Industry Guidance on Outsourcing?

    The Cross-Industry Guide - Outsourcing released by the Central Bank of Ireland in December 2021 specifies the management requirements on sub-outsourcing risks; sensitive data risks; data security, availability, and integrity; due diligence; outsourcing arrangements and service level agreements (SLAs); continuous monitoring and challenges; disaster recovery; and business continuity.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 11 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements in this guidance and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with Hungary's Government Decree No. 42/2015 (III.12.) on Protecting the Information System of Financial Institutions, Insurance Undertakings, Reinsurance Undertakings, Investment Firms and Commodity Dealers?

    Government Decree No. 42/2015 (III.12.) on Protecting the Information System of Financial Institutions, Insurance Undertakings, Reinsurance Undertakings, Investment Firms and Commodity Dealers issued by the Hungarian National Bank (MNB) on January 1, 2016 specifies requirements on information technology monitoring, regulations on data security protection, and information technology system integrity control.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 12 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements in this decree and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with Romania's NBR Regulation No. 3/2018 on Financial Market Infrastructures and Payment Instruments Oversight?

    NBR Regulation No. 3/2018 on Financial Market Infrastructures and Payment Instruments Oversight issued on August 1, 2018 sets out the requirements on operational risk management, efficiency and effectiveness, IPF managers ensuring cyber resilience, and financial market infrastructure participants.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 13 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements in this regulation and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with BaFin's Guidance on Outsourcing to Cloud Service Providers?

    In November 2018, BaFin's Guidance on Outsourcing to Cloud Service Providers was officially released, which provides guidance for BaFin and Deutsche Bundesbank to financial institutions in terms of analysis and materiality assessment, audit rights, data security, and termination rights when adopting cloud services.

    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 14 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with BaFin's Circular 10/2017 on The Banking Supervisory Requirements for IT?

    On November 6, 2017, the Federal Financial Supervisory Authority released the Circular 10/2017 on The Banking Supervisory Requirements for IT. The regulatory requirements specify security requirements such as information security, operational security, identity and access management, IT project and application development, outsourcing IT services, and IT business continuity.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 15 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with BaFin's Circular 11/2019 on Supervisory Requirements for IT in Capital Management Companies?

    In October 2019, the Circular 11/2019 on Supervisory Requirements for IT in Capital Management Companies was officially released, which stipulates security requirements such as information risk management, information security, identity and access management, IT project and application development, and outsourcing IT services.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 16 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.

  • How does Huawei Cloud comply and help me comply with BaFin's Circular 10/2018 on Supervisory Requirements for IT in Insurance Undertakings?

    In November 2018, the Federal Financial Supervisory Authority released the Circular 10/2018 on Supervisory Requirements for IT in Insurance Undertakings, which specifies security requirements for information risk management, information security, identity and access management, IT project and application development, and outsourcing IT services.


    When financial institutions follow the guidelines, Huawei Cloud, as a CSP, may participate in some activities related to the requirements.


    Chapter 17 of the Huawei Cloud Cybersecurity White Paper for the European Financial Industry summarizes the CSP-related requirements and describes how Huawei Cloud helps customers meet these requirements.
