Croatia Regulatory Requirements for Financial Institutions: A Compliance Overview
Financial institutions operating with Amazon Web Services (AWS) in Croatia must navigate a complex regulatory landscape to ensure compliance with local laws, guidelines, and international standards. This article provides an overview of the key regulatory requirements and best practices for financial institutions using AWS services in Croatia.
Who Regulates Financial Institutions in Croatia?
The Croatian National Bank (HNB) supervises credit institutions, payment institutions, electronic money institutions, and other financial entities. The Croatian Financial Services Supervisory Agency (HANFA) is responsible for regulating stock exchanges, investment firms, securities issuers, insurance companies, and other related entities.
What Regulations Apply to Financial Institutions Using AWS?
Financial institutions using cloud services in Croatia must comply with the HNB’s decision on outsourcing, which requires notification when critical or important functions are outsourced. Additionally, local regulations, guidelines, and laws may apply to financial institutions when using cloud services. Key regulations include:
- Decision on Adequate Information System Management (Croatian Official Gazette 37/2010)
- Act on Cybernetic Security of Key Services Providers and Digital Service Providers
- European Supervisory Authorities’ guidelines on outsourcing arrangements
These guidelines cover contractual and operational areas, including access and audit rights, security of data and systems, location of data and data processing, sub-outsourcing, and contingency plans.
Regulatory Overview for Financial Institutions Using AWS
Financial institutions in Croatia are permitted to use cloud services provided they comply with applicable legal and regulatory requirements. Key considerations include:
- Notifying the relevant regulator(s) when outsourcing critical or important functions
- Mapping AWS responsibilities and customer responsibilities according to each service used
- Reviewing the AWS Shared Responsibility Model and conducting a materiality assessment
Financial Institutions Using AWS Can Take the Following Steps to Better Understand Their Compliance Needs:
- Consider the purpose of the workload(s) under consideration and relevant categories of data to anticipate which legal and regulatory requirements may apply.
- Assess the materiality or criticality of the relevant workload(s) in light of local requirements.
- Review the AWS Shared Responsibility Model and map AWS responsibilities and customer responsibilities according to each service used.
- Notify the relevant regulator(s) when the workload is deemed critical or important.
Additional Resources for Financial Institutions Using AWS
- AWS Compliance Quick Reference Guide
- Using AWS in the Context of Common Privacy and Data Protection Considerations
- AWS Operational Resilience in Financial Services Guide
- AWS Policy Perspective: Data Residency
- AWS Logical Separation Handbook
- Financial Services Lens - AWS Well-Architected Framework
This document is provided for informational purposes only and does not create any warranties, representations, contractual commitments, conditions, or assurances from AWS, its affiliates, suppliers, or licensors. The responsibilities and liabilities of AWS to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.