Financial Crime World


Compliance Best Practices for Financial Institutions in Croatia
=====================================================

As a leading cloud provider, Amazon Web Services (AWS) recognizes the importance of compliance with regulatory requirements for financial institutions in Croatia. This article provides an overview of the legal and regulatory landscape in Croatia and offers guidance on best practices for financial institutions using AWS services.

Regulatory Framework


In Croatia, the Hrvatska Narodna Banka (Croatian National Bank or HNB) supervises credit institutions, payment institutions, and electronic money institutions. The Croatian Financial Services Supervisory Agency (HANFA) oversees stock exchanges, regulated markets, investment firms, securities issuers, brokers, and insurance companies.

Key Regulations


Financial institutions in Croatia using AWS services must comply with several regulations, including:

  • HNB’s decision on outsourcing
  • Decision on Adequate Information System Management
  • Act on Cybernetic Security of Key Services Providers and Digital Service Providers

These regulations apply to financial institutions using cloud services, such as AWS.

ESAs’ Guidelines


The European Supervisory Authorities (ESAs) have issued guidelines on outsourcing arrangements for credit institutions, investment firms, electronic money institutions, and payment institutions. These guidelines cover contractual and operational areas such as:

  • Access and audit rights
  • Security of data and systems
  • Location of data and data processing
  • Sub-outsourcing
  • Contingency plans and exit strategies

Compliance Considerations


Financial institutions in Croatia using AWS services should consider the following:

  • Purpose of the workload(s) and relevant categories of data to anticipate which legal and regulatory requirements may apply.
  • Materiality or criticality of the relevant workload(s) in light of local requirements.
  • Reviewing the AWS Shared Responsibility Model and mapping AWS responsibilities and customer responsibilities according to each AWS service used.
  • Notifying the relevant regulator(s) when the workload is deemed critical or important.

Additional Resources


AWS offers several resources to help financial institutions comply with regulatory requirements, including:

Conclusion


AWS is committed to helping financial institutions in Croatia navigate compliance with regulatory requirements. By understanding the legal and regulatory landscape and following best practices, financial institutions can ensure secure and compliant use of cloud services.