The Bank of Russia is considering allowing banks to store customer data, including banking secrecy, in cloud services. The issue is being discussed for the second reading of the bill, Vedomosti writes.
If the initiative is adopted, banks will be able not only to commission contractors to develop IT solutions, but also to transfer part of their infrastructure to them along with the data. In essence, this means moving sensitive information beyond the banks themselves — to cloud platforms.
There is currently debate surrounding this idea. The FSB insists on tightening requirements for contractors, while Rosfinmonitoring proposes clearly defining exactly which data can be outsourced.
The main difficulty lies in the very concept of \"banking secrecy\". Almost any information about a client may fall under this concept: from personal data to transaction history. Therefore, the boundaries of what can be transferred remain blurred for now.
In practice, banks are already ready for such a scenario — demand for cloud solutions is high. But because of current restrictions, there has not yet been a mass transition: under the law, data must be stored within the banks.
If the rules are changed, the market could accelerate sharply. Banks would gain more flexible infrastructure, and large cloud providers would receive a new stream of clients. But along with this, the risks would also grow: from cyber threats to potential access by third parties to sensitive information.
As protective measures, additional steps are being discussed — mandatory encryption, strict access restrictions, and data storage within Russian jurisdiction.