Regulated cloud outsourcing
4. When does cloud outsourcing fall within the scope of the rules?

The concept of "outsourcing" is defined broadly, but in slightly different terms, by the Financial Conduct Authority ("FCA"), the Prudential Regulation Authority ("PRA") and the European Banking Authority ("EBA"). The FCA's definition requires the use of a person to provide customized services to a firm other than a member of the firm's governing body acting in their capacity as such or an individual employed by a firm under a contract of service. The PRA defines outsourcing as an arrangement of any form between a firm and a service provider by which that service provider performs a process, service or activity that would otherwise be undertaken by the firm. The EBA's definition requires an arrangement between a firm and a service provider by which the service provider performs a process, service or activity that would otherwise have to be undertaken by the regulated firm.

The use of cloud services will be caught where, if the cloud provider's services were not being used to host, for example, a firm's risk management systems, that firm would need to perform these activities itself.

However, this is an issue that will be circumstance-dependent and fact-specific.

The EBA Guidelines on Outsourcing help to determine whether activities performed by a third party constitute an "outsourcing." Activities expressly excluded as outsourcing are:

  • Functions that are legally required to be performed by a service provider (e.g., statutory audit)
  • Provision of market information services
  • Purchase of access to "global network infrastructures" (e.g., payment card schemes)
  • Clearing and settlement arrangements
  • Correspondent banking services
  • Services that an institution would not be expected to perform itself (e.g., legal services, cleaning, maintenance of premises, medical services, post-room services, vending machine services, servicing of company cars, receptionists or provision of goods or utilities)