Financial institutions operating in Thailand are required to report their information technology (IT) outsourcing services to the Bank of Thailand to enhance information and system securities as well as increase greater cost management efficiency.
Somboon Chitphentom, senior director of the regulatory policy department, said both domestic and foreign financial institutions have to declare their critical IT outsourcing services at least 30 days before commencing an operating system or changing service provider.
Financial institutions are also required to submit an annual report on all of their IT outsourcing services and report any problem affecting their basic financial services that stems from IT outsourcing services within 24 hours, he said.
"Technological trend has changed constantly and commercial banks have increased their IT outsourcing services," said Mr Somboon.
The central bank sent a letter of circulation to all financial institutions on Monday to inform on latest regulations about their IT outsourcing services. He reiterated that financial institutions bear the responsibility of reporting to the central bank and the reporting process should not be initiated by IT service providers.
Since service providers on cloud computing technology have offered their services to interested financial institutions, this could lead to unnecessarily information leakage and financial institutions should be cautious with this, said Mr Somboon.
Clouding computing could lead to important data storage, considered as critical IT outsourcing, or a concentration of a sole IT service provider. Financial institutions must therefore report to the central bank on IT outsourcing services on cloud computing.