As part of an internationally coordinated effort, the Dutch Central Bank DNB agrees with Microsoft on an audit right in all Office 365 cloud service contracts with Dutch financial institutions.
On 6 November 2012, DNB announced that Microsoft has accepted including and audit right in its Office 365 cloud service contracts with Dutch financial institutions allowing DNB to examine the facilities of Microsoft. In a circular issued in December 2011, DNB imposed a number of specific requirements on financial Institutions when outsourcing services to a cloud provider. Financial supervisory authorities of other countries, such as the United States and Australia, had issued similar circulars. While many of these requirements put obligations on the financial institution only (such as the duty to conduct a risk analysis of the intended outsourcing), DNB also required the financial institution to agree with the cloud supplier on an audit right to examine the supplier's facilities for the benefit of DNB. Financial institutions that were negotiating agreements with cloud service providers experienced difficulty in agreeing on such supervisory authority audit right and found themselves caught between financial regulations and their service providers.
After having approached Microsoft and other cloud service providers directly, DNB was able to agree on the inclusion of an audit right in Microsoft's Office 365 contracts with financial institutions. And since DNB also approached Microsoft on behalf of joint international supervisory authorities ITSG, the agreement with Microsoft also benefits other foreign financial supervisory authorities. ITSG is an informal group in which financial regulators participate of (amongst others) the United States, Australia, Canada, China, Singapore, Hong Kong, Japan, United Kingdom, the Netherlands, Belgium, Luxemburg and Germany.
The agreement between DNB and Microsoft is notable for a number of reasons. Not only because a supervisory authority directly discussed and agreed with a cloud supplier (which by itself is not regulated by financial regulations) on regulatory requirements, but also because DNB was able to reach this agreement on behalf of other foreign supervisory authorities. The agreement shows that financial supervisory authorities have a willingness to seek solutions with the market in an international context. As a result, this agreement with Microsoft sets an international precedent for cloud suppliers’ contracts with financial institutions.