Professional Documents
Culture Documents
VISOKA ŠKOLA
“INTERNACIONALNA POSLOVNO – INFORMACIONA
AKADEMIJA” TUZLA
ZBORNIK
RADOVA
Book of Proceedings
Dizajn/Design
Katarina Andrejaš
Urednici / Editors
Damir Bećirović
Haris Delić
Izdavač / Publisher
Internacionalna poslovno - informaciona akademija
1. Zoran Ereiz
RISK MANAGEMENT IN SOFTWARE PROJECTS: HOW RISKS ARE (NOT) MANAGED IN
SOFTWARE DEVELOPMENT PROJECTS.................................................................................. 7
6. Siniša Franjić
BITCOIN TRANSACTIONS ..................................................................................................... 59
7. Katarina Rojko
INNOVATIVE LEARNING AND TEACHING IN HIGHER EDUCATION SUPPORTED BY WEB
PLATFORMS AND APPLICATIONS ........................................................................................ 67
8. Benjamin Nurkić
INTRODUCING ELECTRONIC ELECTIONS WITHOUT ENFORCING THE JUDGMENTS OF THE
EUROPEAN COURT OF HUMAN RIGHTS – DIGITIZATION WITHOUT SUBSTANTIAL
DEMOCRATIZATION ............................................................................................................ 81
3
13. Edina Zahirović Vilašević, Haris Delić
SHARING ECONOMY LEGISLATION FROM A RENTAL REAL ESTATE PERSPECTIVE IN THE
FEDERATION OF BOSNIA AND HERZEGOVINA ENTITY ...................................................... 119
4
dr.sc. Haris Hamidović, dipl.ing.el.27 Review Paper / Pregledni rad
mag. iur. Amra Hamidović28
Abstract
The applicable laws and regulations in Bosnia and Herzegovina do not specifically prescribe direct
restrictions relating to the establishment and use of cloud computing services by banking system entities in
Bosnia and Herzegovina. However, the use of this type of service is a segment of the outsourcing of business
activities that supports the core business. According to the decisions of the entity banking agencies in Bosnia
and Herzegovina on outsourcing management, banks in Bosnia and Herzegovina are obliged to provide the
process of implementing and managing outsourcing and risks that can result from the outsourcing. In
addition to banks, other entities of the banking system in Bosnia and Herzegovina should consider the
provisions of the outsourcing decisions when considering the arrangements for outsourcing. A large part of
the requirements of outsourcing decisions are what any conscientious and prudent cloud computing client,
whether regulated or not, should take in any case. In this paper, we outline some of the requirements that
banking system entities in Bosnia and Herzegovina should ensure in the process of implementing and
managing outsourcing and the risks that may arise from outsourcing.
Keywords:Cloud computing, outsourcing, banking system entities, exit strategy, cyber security.
1. Introduction
According to the decisions of the entity banking agencies in Bosnia and Herzegovina on outsourcing
management, banks in Bosnia and Herzegovina are obliged to provide the process of implementing and
managing outsourcing and risks that can result from the outsourcing. Other Banking System Entities (BSEs),
such as microcredit organizations, leasing companies etc., should also have regard to provisions of these
decisions as if they were guidance not a requirement (Marchini, 2010). Among other things, banks are
required to develop a plan for unpredictable situations and an exit strategy for the bank, including the
continuation of the outsourced activities by a different service provider, or returning the activities to the
bank, and ensure their implementation.
The European Banking Authority (EBA) in its guidelines on outsourcing arrangements states that „financial
institutions should have a documented exit strategy when outsourcing critical or important functions that is
in line with their outsourcing policy and business continuity plans, taking into account at least the possibility
of:
a) the termination of outsourcing arrangements;
b) the failure of the service provider;
c) the deterioration of the quality of the function provided and actual or potential business disruptions caused
by the inappropriate or failed provision of the function;
d) material risks arising for the appropriate and continuous application of the function.“ (EBA, 2019)
89
This paper addresses termination issues that banking system entities to a cloud services arrangement should
consider and address in their agreements, especially in the case of outsourcing critical or vital services.
Marchini details the associated risks as: If the SaaS provider is insolvent, whilst the data may well be very
safe indeed, it isin the hands of a PaaS (or IaaS) provider (or, worst, one of its subcontractors). Thecustomer
will have real difficulty in retrieving the data from anyone lower downthe chain. In the first place, the
customer may simply not know where the data is(although this does of course depend on the extent of its
diligence). Even when the customer does know where the data is, the PaaS or IaaS provider may simply not
be interested in assisting the customer (who was not its customer) (Marchini, 2010).
5. Conclusion
Cloud computing attracts banking system entities for the same reasons that cloud computing attracts
organizations in other industries - by offering increased flexibility and efficiency at lower costs than on-
premises computing solutions. However, cloud computing for banking system entities creates increased
security risks and regulatory and legal scrutiny.
It is essential in any adoption of cloud that the customer ensure that they have ready access to data on an
ongoing basis. Every organization needs to carefully consider whether the risk of having only one copy of
their data with one cloud provider is a risk that they are willing to take. For the banking system this is not
just a matter of good practice, but also a legal obligation when it comes to critical business services.
Cloud computing users have significant and ongoing concerns about the risks inherent in cloud computing.
Unfortunately, these issues are not adequately addressed in the standard contract terms offered by most
cloud computing service providers. Cloud computing users today lack sufficient bargaining power to
negotiate more balanced agreements. There is little indication that bargaining power has begun to change in
favor of customer empowerment. From the perspective of the service provider, customers cannot claim the
cheapest service and, in addition, significant guarantees and assumption of responsibility. There is little
incentive, especially for large cloud computing providers, to create and offer customer-friendly contracts.
One possible solution is for banking industry sectors to form coalitions and thus increase their bargaining
93
power for more favorable contracts with cloud computing providers. In addition, given the requirements of
domestic regulators, consideration should also be given to developing appropriate national models, which
would benefit both cloud computing service providers, regulated industry users, and regulators who could
exercise appropriate oversight.
References:
1. Burtzel, C. M. (2019). Negotiating the Exit – Ensuring Successful Transition in Cloud Contracts,
at Rothchild, J., Lifshitzed, L. R., (2019). Cloud 3.0: Drafting and Negotiating Cloud Computing
Agreements, American Bar Association.
2. EBA, (2019). Guidelines on outsourcing arrangements.
3. Hamidović, H. (2019). Računarstvo u oblaku i rizici zaštite podataka. Pravo i finansije. No. 12.
Pp. 25-27.
4. Marchini, R. (2010). Cloud Computing: A Practical Introduction to the Legal Issues, British
Standards Institution.
5. Mell, P., Grance, T., (2011). The NIST Definition of Cloud Computing - NIST Special
Publication 800-145. National Institute of Standards and Technology.
6. Official Gazette of the Federation of Bosnia and Herzegovina, (2017). Decision on the
Management of Externalization at the Bank (“Official Gazette of the Federation of Bosnia and
Herzegovina”, No. 81/17).
7. Official Gazette of the Federation of Bosnia and Herzegovina, (2017). Decision on the
Management of the Information System in the Bank ("Official Gazette of the Federation of
Bosnia and Herzegovina", No. 81/17).
8. Official Gazette of Republika Srpska, (2017). Decision on outsourcing (“Official Gazette of
Republika Srpska”, No. 75/17).
9. Official Gazette of Republika Srpska, (2017). Decision on information system management in
banks (“Official Gazette of Republika Srpska”, No. 116/17).
94