fsi compliance blog illo

For five years in a row, IBM Security’s X-Force Threat Intelligence Index has listed financial services as the most-attacked industry by cybercrime, underscoring the significant threat that these organizations consistently face. Because of the high value of financial services data, increasing cybercrime, and the important role financial services companies play in stabilizing the global financial market, regulators expect heightened oversight and scrutiny of every global institution managing this data. Any of these institutions that don’t abide by the regulations can expect sanctions and millions of dollars in penalties as a result of impropriety.

Atlassian Cloud products have always been built with industry-leading compliance frameworks in mind. Now, we’re excited to announce the next phase of Atlassian Cloud Enterprise, which provides security and data privacy capabilities that are compliant with region-specific regulatory standards. Financial services customers with operations in EMEA can feel confident that our Cloud Enterprise products address the compliance standards of some of the most stringent regions in the world, namely the European Banking Authority (EBA) and Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) in Germany.

Addressing evolving regulations

Financial services companies are winning big with cloud migration

Moving from an on-premise environment to the cloud can be a daunting task for many financial institutions. It requires institutions that are used to taking care of their own security and compliance to transition those responsibilities to another party, like Atlassian. But in the highly competitive financial sector, moving from server to cloud can offer a huge leg up. It removes the administrative overhead associated with the day-to-day maintenance of the regulatory obligations of their products. By doing this, they can shift focus to the strategic projects that allow them to accelerate their business goals.

We understand that when customers rely on Atlassian to manage the safety of their mission-critical products, they are entrusting us with their brand equity and the privacy of their company and customer data. So we’ve devoted the time and resources to fortifying our Cloud Enterprise products with region-specific, enterprise-grade, industry-leading security requirements.

In the last year, Atlassian has bolstered our security and data privacy protocols to give our customers:

  • greater transparency in how we store, process, and secure their data.
  • access to audit and oversee capabilities to ensure they have the information they need to do their own risk assessments.
  • improvements to our breach notification processes to abide by the latest regulations.
  • increased commitment to the continuity of service in the event of bankruptcy or termination to ensure customers have adequate time to close out their obligations.

All these improvements and more are outlined in our mapping guidance, which provides a line-by-line comparison of Atlassian’s compliance controls and how they correspond specifically to the EBA and BaFin requirements. And with daily rollouts of new regulatory standards, including the most recent GDPR updates, we’ve made it easier than ever for customers to control where their data is stored using data residency.


In an update to the Schrems II ruling last year, the Court of Justice of the European Union (CJEU) updated their guidance for Standard Contractual Clauses (SCCs), the mechanism in which companies providing services to European residents could transfer data from the EU to countries like the U.S in compliance with GDPR. In response, we’ve published new, compliant SCCs, which can be found within our Data Processing Addendum.

The results speak for themselves

NCR, a global point of sale software provider with 36,000 employees, uses Atlassian Cloud products to keep all stakeholders in lockstep throughout strategic planning and daily execution to make sure they’re hitting the mark on every dimension.

If you’re using cloud-based offerings, you can focus on your core competencies – instead of worrying about infrastructure or headcount – to manage this environment 24/7/365. All that stuff you can brush aside because [Atlassian] is magically managing it.

– Arthur Meloy, VP of Innovation and Development Transformation, NCR

The value we’ve created with customers like NCR has trickled down to their customers. Atlassian helped NCR accelerate their delivery timelines from every few months to every single day by providing an integrated solution that they could use across their organization that provided them with the security and compliance that their enterprise required.

And they’re not alone – 92 percent of our financial services customers say the move to Cloud cuts admin time by at least 11 percent.

Looking forward

As we head into 2022, we’ll continue to double down on our commitment to bolster our security and compliance program in Cloud to ensure that our policies maintain the integrity of the financial sector and consumer data. Next, we’ll expand our compliance program to address US- and Australia-specific standards for our financial services customers. Customers can expect that to launch in early 2022. To learn more about this or how Atlassian Cloud can drive more value for financial services customers, get in touch with our Enterprise sales team.

Cloud Enterprise built for financial services customers