Financial Crime World

Croatian Financial Institutions Must Comply with Regulatory Requirements for Cloud Services

As the use of cloud services continues to grow among financial institutions in Croatia, it is essential that they understand and comply with regulatory requirements set forth by the Croatian National Bank (HNB) and other relevant authorities.

Compliance with HNB’s Decision

According to a recent decision by HNB, customers must notify the bank when outsourcing critical or important functions. Local regulations, guidelines, and laws may also apply to financial institutions in Croatia using cloud services. These include:

  • The Decision on Adequate Information System Management
  • The Act on Cybernetic Security of Key Services Providers and Digital Service Providers

European Supervisory Authorities’ Guidelines

Financial regulators in Croatia have confirmed the applicability of European Supervisory Authorities’ (ESAs) guidelines on outsourcing arrangements, which provide guidance on:

  • Contractual and operational areas such as access and audit rights
  • Security of data and systems
  • Location of data and data processing
  • Sub-outsourcing
  • Contingency plans and exit strategies

These guidelines include:

  • The European Banking Authority’s Guidelines on Outsourcing Arrangements (published in 2019)
  • The European Insurance and Occupational Pensions Authority’s Guidelines on Outsourcing to Cloud Service Providers (published in 2020)
  • The European Securities and Markets Authority’s Guidelines on Outsourcing to Cloud Service Providers (also published in 2020)

Compliance Support from AWS

AWS, a leading cloud service provider, is committed to helping financial institutions in Croatia comply with regulatory requirements. The company encourages its customers to obtain appropriate advice on their compliance with all relevant legal and regulatory requirements, including the ESAs’ guidelines and local regulations, guidelines, and laws.

Tools and Security Measures for Compliance

Financial institutions in Croatia are permitted to use cloud services provided they comply with applicable legal and regulatory requirements. AWS offers a range of tools and security measures to help financial institutions evaluate, meet, and demonstrate compliance with these requirements.

Additional Considerations

In addition to complying with regulatory requirements, financial institutions in Croatia using AWS services should consider applicable privacy requirements, including:

  • The General Data Protection Regulation (GDPR)
  • The Croatian Act on the Implementation of the GDPR

For more information on how to ensure compliance with regulatory requirements for cloud services, financial institutions in Croatia can contact AWS or visit the company’s website.