.jpg)
The aim of the European Cloud User Coalition -ECUC- is to strengthen the public cloud ecosystem for the entire European financial sector and ensure that data protection and banking outsourcing requirements are met. 13 European banks have signed up, none of them French to date.
Cloud computing is a key strategic technology for the digital transformation of the European financial sector. While private clouds have been widely used by banks until now, public clouds are also gaining ground. The long-term risk is to create a real technological dependency with US cloud providers and not to benefit from the same legal protections regarding data storage. 13 europeans banks have decided to work together to ensure public cloud compliance.
As we know, European banks are increasingly using the cloud to store their data. For Commerzbank, more than 80% of its applications will be migrated to the cloud by 2023.
It was the German bank that initiated the creation of the European Cloud User Coalition - ECUC - in 2019. It has since been joined by 12 other European banks, including the Irish Allied Irish Banks, the Austrian Erste Group Bank and BAWAG Group, the Belgian Belfius Bank and Euroclear, the German Deutsche Börse AG, EFG Bank AG, the Dutch ING Groep N.V., KBC Bank NV, the Swedish Swedbank, and the Italian UniCredit S.p.A. No French bank has joined the coalition to date.
France plays the US Cloud card?
The French bank BNP Paribas has thus chosen in 2020 to join another path by integrating the global ecosystem of financial institutions and suppliers that use IBM Cloud for Financial Services. This ecosystem, created at the initiative of IBM and Bank of America, also marks a key stage in the partnership between IBM Cloud and Bank of America, to migrate certain applications, workloads and "highly" confidential information into Big Blue's public cloud.
As for Société Générale's "Cloud First" strategy, it is now based on a Hybrid Cloud (private, public) based on AWS and Microsoft Azure technologies.
"We have to make sure that European data protection and banking outsourcing requirements are met, even if we outsource to US companies," says Markus Chromik of Commerzbank
It should be remembered that in the United States, cloud operators are subject to the CLOUD (Clarifying Lawful Overseas Use of Data Act), which allows the authorities to access the data of American companies even if their servers are abroad. In Europe, the General Data Protection Regulation (GDPR) "allows the transfer of personal data to a third country only on the basis of a court order, an official decision of a third country or an international agreement".
Agreeing best practice for European banks
The ECUC has published a position paper in its revised version to cover requirements for achieving standardisation of compliant and safe use of public cloud technology in regulated European financial institutions. It addresses major topics ranging from Privacy, Security, Governance & Regulation, Contractual Clauses to Portability, Resilience & Exit Strategy. The paper also includes a review and summary of the European Commission´s proposed Digital Operational Resilience Act (DORA).
In addition to gaining new members, the aim of the coalition is to jointly agree on security standards and best practices for the use of cloud technology for European financial actors. On this basis, high European regulatory and data protection standards will also be better enforced with non-European cloud service providers.