Greatest possible Efficiency and Flexibility for Companies
Commerzbank promotes standardisation of specific cloud requirements of the financial industry
Commerzbank
12/03/2024
As an innovative and modern bank, Commerzbank has been using cloud technology for years and can therefore operate efficiently and flexibly.
For users, there are a number of benefits to the application of public cloud technology: It offers high availability, is scalable in terms of resources, and provides automation and pre-built services. This leads to faster product development and cost savings and thus facilitates innovation. It also offers very high security standards.
As financial institutions operate with sensitive data and the financial provision in Europe needs to be ensured, they are subject to more restrictive regulations than other sectors. Commerzbank has always met these requirements. However, these currently have to be agreed between the respective cloud provider and financial institution by means of complex negotiations and individual solutions, which leads to high costs on both sides.
ECUC – a powerful voice for the financial industry
In 2021, Commerzbank initiated the founding of the European Cloud User Coalition (ECUC) with 12 other institutions. Through ECUC, the financial industry is now addressing its needs for cloud technologies with one voice. The coalition now has 32 members, and they have set themselves the goal of promoting the secure, standardised, and effective use of cloud services in dialogue with vendors, regulators, and standards-setting organisations.
To this end, the coalition has published a Position Paper listing the most important requirements related to the fields of data protection, portability, security, regulation, and contract arrangements. The accompanying ECUC Checklist, a document covering around 200 questions, helps financial institutions and cloud providers alike to create transparency for the use of cloud services, standardise contracts, and thus increase outsourcing efficiencies. The coalition also publishes positions on the European Union’s Digital Operational Resilience Act (DORA), which aims to strengthen the information and communication security of financial companies in Europe.
ECUC provides feedback on draft EU regulations
In an ever-changing regulatory environment, the coalition relies on active participation in public consultations. Supported by all members, ECUC provided feedback to the responsible European Supervisory Authorities on drafts of the Digital Operational Resilience Act, which serves as the basis for EU regulations for the European Commission.
In addition, the coalition participates in a European Commission working group, to which it contributes its practical experience in implementing public cloud services. Most recently, ECUC has provided feedback on the draft of the European Central Bank (ECB) Guide, which sets out the expectations of supervision regarding cloud use for future audits of European financial institutions.
ECUC sets standards for specific requirements of the financial industry
ECUC is committed to working with the Cloud Security Alliance (CSA), a global leader in standardising and certifying clouds and cloud security. Auditors use the CSA's catalogue of requirements for their audits. Up to now, the specific requirements of the European financial industry have not been explicitly included. To change this, ECUC has been cooperating with CSA since 2023. Recently, an extension was published specifically for the financial sector, for which ECUC has provided relevant content.
In this video interview, Bernhard Spalt (Chief Risk Officer), Oliver Dörler (Divisional Board Member Big Data & Advanced Analytics) and Monika Njegac-Wagner (Head of ECUC Workstream and ECUC Moderator) from Commerzbank answer questions on the topic.
Bernhard Spalt
Bernhard Spalt studied law at the University of Vienna with a focus on European law. He was Head of Group Risk Management at Erste Group Bank, later on Chief Risk Officer in Austria, Hungary, the Czech Republic, Slovenia, and Romania, and Chief Executive Officer from 2020 to 2022. On 1 January 2024, he took on the position of Chief Risk Officer of Commerzbank, with responsibility for Big Data & Advanced Analytics, Group Validation, Group Compliance, Group Credit Risk Management, Group Cyber Risk & Information Security, and Group Risk Control.
Oliver Dörler
Oliver Dörler studied computer science with a focus on artificial intelligence and data management in Stuttgart. After working at Deutsche Bank and Deloitte, he joined Commerzbank in 2019. As Cluster Lead Big Data, he was responsible for the technical and data foundation for Big Data & Advanced Analytics before taking on his current position on 1 May 2024.
Monika Njegac-Wagner
After studying economics, Monika Njegac-Wagner started working in Commerzbank's Corporate Customer segment in 2001. After positions in rating, sales management, project management and regulatory, she has been Head of an ECUC workstream since 2021. She is also an elected moderator of ECUC.
Establishment of the European Cloud User Coalition (ECUC)
Foundation
01/2021: Commerzbank initiates the founding of ECUC with 12 other financial institutions. The aim is to promote an efficient and compliant use of public clouds in the financial industry.
Position Paper 1.0
05/2021: ECUC publishes its first official position paper with common requirements of the financial industry.
Checklist 1.0
09/2022: ECUC members agree on a checklist with 200 questions on the review of data protection, portability, security, regulatory and contract arrangements.
DORA consultation
06/2023 to 03/2024: After feedback from, among others, the ECUC, the European Supervisory Authorities (ESAs) are revising drafts for the European Commission as a basis for EU regulations.
Cooperation
02/2024: On the initiative of ECUC, the Cloud Security Alliance (CSA) adds global security standards specifically for the European financial industry.
ECB Guide
07/2024: The ECUC, which now has 32 members, gives feedback on the ECB Guide on cloud outsourcing. It sets out detailed expectations of the ECB in the audit of financial institutions.