AWS Cloud regulatory compliance framework for a BFS client to meet EBA (European Banking Authority) requirement

Ramesh Selvaraj
2 min read · Oct 19, 2021


Below is my experience in defining a framework for cloud regulatory compliance (including the EBA, the European Banking Authority) for a financial services customer in Europe.

Financial services customers in Europe must meet the following regulatory requirements:

  1. Materiality Assessment
  2. Adequately inform supervisors
  3. Access and audit rights
  4. Right of access
  5. Security
  6. Location of data and processing
  7. Supply-Chain outsourcing
  8. Contingency plans / Exit strategy

Below is a traceability matrix that maps each regulatory requirement to the security and compliance framework controls and to the AWS services that help satisfy it.

Figure: Traceability matrix for EBA requirements with AWS services

Below is the detailed approach to meeting regulatory compliance at each phase of an AWS cloud transformation project, using AWS services and third-party products.

Below are the support activities that the client may need to carry out to meet EBA regulatory and compliance requirements.

Below is the approach to be followed during the Well-Architected review, the cloud exit strategy, and third-party product evaluation.

Below is the list of AWS services that help meet EBA requirements at the various phases.

Below is the execution methodology.

Below is the high-level framework for meeting regulatory and compliance requirements.

Figure: Compliance, regulatory and security framework for AWS projects

By following the above framework and guidelines, AWS projects can meet EBA regulatory compliance requirements.


Written by Ramesh Selvaraj

Enterprise Cloud Architect, Sr. Director (Cloud), AWS 5x Certified, Virtusa, London
