ALPS blog

MaComp: Hurdle or help for the way to the cloud? Write a reply

There is no longer an alternative for banks: Those who want to continue to play a role in the competition must take the leap into the cloud. The first step is to decide on a cloud model and develop a strategy for the transition. If IT managers of financial institutions want to outsource resources to the cloud, various compliance guidelines of BaFin must be met. Banks are essentially confronted with three guidelines: the requirements of banking supervision for IT (BAIT), the minimum requirements for risk management MaRisk and the minimum requirements for the compliance function and further conduct, organisation and transparency obligations for securities services companies (MaComp for short). These directives represent a cost factor that should not be underestimated and are therefore often seen as a hurdle by banks. But a closer look at the MaComp reveals that it is more of a help than a hurdle.

This is because they provide orientation for the practical implementation of the conduct, organisation and transparency obligations and specify the associated legal guidelines. These are essential for banks because violations of these requirements can lead to heavy fines and damage the reputation of the company.

Focus on security

Compliance requirements such as those of MaComp not only help banks to offer their customers the highest level of security, but also provide guidance when selecting a suitable cloud partner. Because on the way to the cloud, not only the choice of provider is relevant. Banks need an external partner who ensures that, in addition to the individual requirements for performance and availability, high security is also taken into account. Regulatory requirements must also be met at all times – and preferably with as little effort as possible.

The respective cloud service providers’ own tools cannot provide banks with all the relevant information here, certainly not in a complex multi-cloud environment. What is needed is a solution like Trend Micro’s Cloud One™ Conformity, which displays all cloud services in a single multi-cloud dashboard and provides centralised visibility and monitoring of the entire cloud infrastructure in real time.

Automatically comply

With Conformity, an organisation’s environment can be benchmarked against over 750 cloud infrastructure configuration best practices. This provides peace of mind by ensuring that best practices and compliance standards are met – from the development phase to runtime. Violations are automatically corrected and the risk status is always visible. Trend Micro presents cloud compliance status at a glance, making it easy to comply with regulatory requirements, even without extensive staff expertise.


Featured News