Subscribe to email alerts
Governance, conduct and culture
Organisational change and transformation
Public sector advisory
Forensic accounting and disputes
Cyber forensic, digital forensic and forensic discovery
Fraud, corruption and investigations
Real estate funds management
Real estate investment
Private equity and special situations investment
Holder of an AFSL
Real estate advisory
Project sales and management
Turnaround and restructuring
Independent business reviews
Receiverships, administrations and liquidations
The Australian Prudential Regulation Authority (APRA) is concerned that financial institutions are too optimistic about the benefits of cloud computing and have overlooked the associated risks that exist with these technologies.
APRA, which regulates the financial sector, has released an Information Paper expressing their concerns regarding weaknesses in cloud outsourcing arrangements where IT assets are shared between entities (shared computing services). This is specifically differentiated from those services where IT assets are dedicated to a single entity. APRA states that while this has occurred for many years, there has been an increase in the ‘volume, materiality and complexity’ of these arrangements, including the sharing of software across industries. Its concern is not the maturing technology itself, but what it sees as a lack of commensurate increase in risk management considerations.
These concerns do not seem to be shared by Australian businesses. An ABS survey released in July 2015 showed that nearly 60% of companies stated that there were no factors which limited or prevented the use of paid cloud computing. The top five reasons for not adopting paid cloud computing services were:
Several other weaknesses identified in APRA’s review of these outsourcing arrangements include:
Under APRA’s prudential outsourcing standards CPS 231 and SPS 231, regulated entities are required to notify APRA within 20 business days if their material business activities are being outsourced. If outsourcing arrangements are offshore, APRA-regulated institutions are required to consult with APRA prior to entering into these agreements. This is to ensure entities have fully understood and able to address the heightened risks.
What makes shared computing services a concern to APRA is not the maturing technology itself, but the lack of risk management and governance to protect the security of the data. In a further sign that this topic may continue to be scrutinised by APRA, earlier this year Bank of Queensland was forced to write off $10 million on their cloud-based customer relationship program system after they failed to meet operational and regulatory requirements.
Our Forensic Technology team includes leading computer forensic experts in the Australia and Asia-Pacific region. Whether it be reviewing electronic evidence in an intellectual property theft matter or eDiscovery services, we aim to provide a complete solution for our clients. From the issues raised by APRA, we can see that these risks do not only apply to financial institutions but to all organisations that use shared computer services. As technology continuously evolves, organisations need to constantly weigh up the benefits, be aware of the risks and manage them appropriately.
For more information, please contact one of our forensic technology experts.
KordaMentha partners, Grant Graham and Neale Jackson, have been appointed Voluntary Administrators by the Board of menswear clothing retailer, Meccano 2016 Limited, trading as Meccano.
Earlier this year, the Australian government introduced the Fair Work Amendment (Protecting Vulnerable Workers) Bill, which sets out to increase the penalties for serious contraventions and broaden the scope of compliance respon...
We are pleased to advise that our Forensic practice has been recognised as the leading digital forensic group in Asia-Pacific in Who’s Who Legal 2018 Investigations edition.
Most creditors of Network Ten are today receiving payments of 100 cents in the dollar under a dividend distribution announced by KordaMentha Restructuring.