Coordinate-regulate cloud-spotting, SEBI

The Securities and Exchange Board of India (Sebi) would do well to allow carve-outs from data localisation requirements for global financial institutions (GFIs). The regulatory purpose of this condition can be satisfied through access to data residing on servers abroad. Moving data to servers located in India increases costs and introduces a new element into operational risk management. Neither improves ease of doing business. Parity between treatment of domestic and foreign financial institutions in this regard can be ensured by harmonising rules with other jurisdictions. Coordinated regulation is the way forward for global financial intermediaries increasingly moving to the cloud. It is of particular import to a capital-importing economy like India.

Sebi should also reconsider its position on financial institutions not sharing responsibility for security and compliance with cloud service providers, which can be addressed by treating them as third-party risk. This calls for a differentiated treatment of public and private cloud, which the current proposals do not provide for. Migration to the cloud is dependent on the evolution of risk control, and by prescribing a yardstick, Sebi is restricting the scope for innovation by financial institutions in managing risk. Local data processing could dilute business efficiency by impeding cross-border information flow. This is critical for fast-moving financial markets. Finally, the business case for strong internal controls over commercially sensitive data is compelling and regulation can be built around them.

India has had to climb down on a broader framework for data protection by permitting its export to select countries. Sebi’s proposals for data regulation should be guided by limits to sovereign safeguards. As both sets of rules are trashed out, policymakers will benefit from an increased awareness of global interdependence in regulating technology and finance. India stands to gain from the globalisation of tech-enabled services and should tailor data protection accordingly.

Web Hyip
Previous articleFive more complaints about Dominic Raab’s behaviour being probed, says Sunak’s office
Next articleKeep China in our magnified sight