Estonia’s Financial Institutions Must Comply with Regulatory Requirements
Overview
Financial institutions operating in Estonia must ensure compliance with a range of regulatory requirements when using cloud services, according to Finantsinspektsioon, the country’s Financial Supervision Authority.
European Banking Authority Guidelines
The European Banking Authority (EBA) issued guidelines on outsourcing arrangements in 2019, which apply to EU-regulated credit institutions, investment firms, electronic money institutions, and payment institutions. The guidelines cover contractual and operational areas such as:
- Audit rights
- Security of data and systems
- Location of data and data processing
- Sub-outsourcing
- Contingency plans
Local Regulations
In addition to the EBA Guidelines, local regulations in Estonia may also apply to financial institutions using cloud services. These include:
- Advisory Guidelines of the Financial Supervision Authority on Outsourcing Requirements for Supervised Entities (2006)
- Creditors and Credit Intermediaries Act
Compliance with AWS
AWS, a leading provider of cloud services, is committed to helping its financial institution customers in Estonia meet these regulatory requirements. The company provides advanced tools and security measures that customers can use to evaluate, meet, and demonstrate compliance with applicable legal and regulatory requirements.
Requirements for Financial Institutions
Financial institutions in Estonia are permitted to use cloud services, provided they comply with relevant regulations such as the EBA Guidelines and local laws. However, regulations are changing rapidly, and AWS encourages its financial institution customers to obtain appropriate advice on their compliance needs.
Additional Considerations
In addition to regulatory compliance, financial institutions using AWS services must also consider applicable privacy requirements, including:
- General Data Protection Regulation (GDPR)
- Personal Data Protection Act (PDPA)
Steps for Compliance
To better understand their compliance needs, financial institutions can take the following steps:
- Consider the purpose of the workload and relevant categories of data
- Assess the materiality or criticality of the workload
- Review the AWS Shared Responsibility Model
- Map AWS responsibilities and customer responsibilities for each service used
Resources for Compliance
AWS provides a range of resources to help its customers comply with regulatory requirements, including:
- A compliance quick reference guide
- Implications of the Code of Conduct for Cloud Infrastructure Service Providers in Europe
- Navigating GDPR compliance on AWS