Financial Institutions Beware: Cloud Computing Compliance Under Guideline B-10
In the last several years, cloud computing has significantly changed the way businesses protect the integrity of their data. While there are huge advantages to this model – there are also significant costs especially with respect to compliance. Financial institutions adopt cloud computing solutions as part of their mainstream business operations they too must grapple with a stepped up regulatory environment.The Office of the Superintendent of Financial Institutions (OSFI) recently issued a memorandum under its Guideline B-10 which focuses on the following concerns:
- confidentiality, security and separation of property:
- contingency planning;
- location of records;
- access and audit rights;
- subcontracting; and
- Monitoring the material outsourcing arrangements.
The memorandum also reminds financial institutions that despite the competitive advantage cloud computing offers, they should prepare for the regulatory issues on the way particularly as suggested in OSFI’s Guideline B-10.Going beyond the basics, the Knowledge Group has assembled a team of experts who will help you understand the most important aspects of OSFI’s Guideline B-10 with respect to cloud computing. They will present their thoughts and opinions on how to best comply with the associated requirements under Guideline B-10.
Michael R. Whitt Q.C., Partner, Co-leader, Information Technology Practice,
Bennett Jones LLP
- What is “cloud”(NIST)
- Cloud isn’t the same as outsourcing
- Irresistible (strange) attractors to cloud services
- ease of deployment/no technical barriers
- YOD example
- Tyranny of forms (necessitated by deployment and metering requirements)
- Lowest common denominator
- Managing the tide, negotiating terms (what’s that again? )
Stephen B. Kerr, Partner ,
Fasken Martineau DuMoulin LLP
- The evolution of OSFI’s approach to outsourcing generally
- Recent OSFI guidance and its particular concerns dealing with cloud computing (i.e. OSFI’s perspective)
- How to address OSFI’s concerns and requirements when considering a material outsourcing arrangement
Ebad Rahman, Attorney,
- OSFI’s specific concerns re cloud computing
- Practical issues when negotiating cloud computing outsourcing contracts in light of B-10 requirements
- How to deal with issues surrounding (i) confidentiality, security and separation of property; (ii) access and audit rights; (iii) subcontracting; (iv) contingency planning.
- Difficulties in complying with B-10 requirements.
- How OSFI may exercise oversight over a Cloud Computing contract.
Andrew S. Nunes, Partner ,
Fasken Martineau DuMoulin LLP
- Due diligence in the context of a cloud outsourcing by FRFIs
- questions concerning the FRFI
- questions concerning the service provider
- questions concerning the service offering
- Contracting for cloud outsourcing in light of B-10
- key contractual provisions
- service recipient concerns
- service provider concerns
Who Should Attend:
- Finance Directors
- Managers with Responsibility for Cloud Computing
- Compliance Officers
- Data Security Professionals
- Corporate Counsel
- In-house Counsel Managing Legal Risks or E-discovery
- IT and Data Security Professionals Managing ASP or Cloud computing functions
- CPAs and Auditors
- Other Related/Interested Professionals
Michael Whitt is co-leader of the firm’s information technology practice. A Patent Agent (2001) and a Trademark Agent (1994) in addition to being a lawyer Michael Whitt advises technology-based businesses on commercialization and compliance matters, and on the structure, negotiation and documentation of novel business models, strategies and transactions, particularly regarding intellectual property and information and other technologies. Michael has been involved with computer and information technologies for over three decades and advises small, medium and large clients with technology or intellectual property assets and operations. Clients include manufacturers, vendors, technology acquirers, bulletin boards, ISPs, ASPs, e-Commerce and web-enabled transaction providers, infrastructure providers, agricultural and biotechnology operations, health informatics providers and users, geospatial and location-based service providers and professional self-governing bodies.Michael also assists clients with the protection of personal information and privacy law compliance, policy review and advice, contract terms in IT and other information-handling and information-flow transactions and operations, breach mitigation and notification, and response to regulatory inquiries and demands in private sector and health information matters both provincially and federally.
Michael Whitt is co-leader of the firm’s information technology practice. A Patent Agent (2001) and a Trademark Agent (1994) in …
Stephen Kerr practises general corporate/commercial law, with an emphasis on mergers and acquisitions, particularly in the financial services industry. A significant portion of Stephen’s practice involves providing general counsel advice to both large and mid-size businesses (regardless of industry). Much of this advice concerns acquisition and divestment strategies, complex reorganizations and material commercial agreements. Stephen also advises on the incorporation and registration of banks, life insurance companies and insurance brokerages and has advised on various portfolio transfers among insurance companies and fraternal benefit societies. Stephen also advises on public and private financings for financial institutions, demutualizations and significant acquisitions and divestitures of financial institutions or their assets. Stephen provides ongoing assistance to financial services clients (among others) in a number of areas including advising on banking, insurance, and other political and regulatory matters, at both the provincial and federal level.
Stephen Kerr practises general corporate/commercial law, with an emphasis on mergers and acquisitions, particularly in the financial services industry. A …
Ebad Rahman is an attorney Torys, an international business law firm with offices in Toronto, New York and Calgary, in their Business and Technology Sourcing Practice Group. His technology practice focuses on service agreements and conveyances of hardware, software and other intellectual property. Ebad has extensive experience advising on technology and sourcing matters. . He has advised clients such as International Petroleum Investment Company, Thomson Reuters, Edgestone and The Bank of Nova Scotia.Well-versed in computer sciences, Ebad received his BSc from York University in 2000 and worked in the software industry developing database applications for a company that specialized in electronic tolling systems. He completed his LLB from Osgoode Hall School of Law (York University) in 2003 and practised law at a large intellectual property firm, where he gained experience in all areas of patent law, before joining Torys in 2008. During his tenure at the firm, he was seconded to GlaxoSmithKline, a global healthcare company, where he was responsible for advising on commercial arrangements.Ebad is also an active member of groups such as IT.Can Law Association, the Intellectual Property Institute of Canada and the Toronto Intellectual Property Group.
Ebad Rahman is an attorney Torys, an international business law firm with offices in Toronto, New York and Calgary, in …
Andrew is a partner in the firm. His practice encompasses numerous aspects of corporate/commercial law, including asset and share acquisitions, reorganizations, joint ventures, strategic alliances, financings, outsourcings and customer/supplier arrangements in a broad range of industries. Andrew acts for a wide range of clients from blue-chip corporations to leading-edge technology companies, including a number of U.S. clients engaged in cross-border transactions. His practice includes a particular focus on information technology matters. In addition to buying and selling technology businesses and technology outsourcing, he regularly advises clients on a wide range of issues and agreements relating to the development, protection and exploitation of technology products and services, such as development, implementation, consulting, acquisition, licensing, distribution, maintenance and support, hosting, escrow, internet and e-commerce, open source software and social media. Andrew is a frequent speaker on technology and commercial law topics. He is the immediate past Chair of the Ontario Bar Association IT and E-Commerce Section and a prior member of the OBA Council. Andrew currently sits as a director of the York Technology Alliance.
Andrew is a partner in the firm. His practice encompasses numerous aspects of corporate/commercial law, including asset and share acquisitions, …
Print and review course materials
Method of Presentation:
Unlock All The Knowledge and Credit You Need
Leading Provider of Online Continuing Education
It's As Easy as 1, 2, 3
Get Your 1-Year All Access Pass For Only $199
About Bennett Jones LLP
When you plug into Bennett Jones, you get a network of more than 360 domestically and internationally recognized lawyers, and 500 staff working together to fulfill your legal and business objectives. With offices in Calgary, Toronto, Edmonton and Ottawa, and represented internationally in Abu Dhabi, Doha, Dubai and Beijing, you are connected to individuals with world class reputations, knowledge and experience to guide you through the present and potential outside influences on your business and your industry.
About Fasken Martineau DuMoulin LLP
About Torys LLP
Torys LLP is a highly respected international business law firm with offices in Toronto, New York and Calgary. Torys is recognized internationally as a frequently recommended law firm in a large number of practice areas. Torys’ lawyers work together to offer seamless cross-border services to clients on both sides of the U.S.-Canada border and globally.