The prudential regulator's new approach to cloud computing has been labelled as "misguided" by one fintech firm.
APRA released an information paper titled Outsourcing Involving Shared Computer Services (Including Cloud) last week, which separates shared computing services into "low risk" and "heightened inherent risk".
Examples of low-risk services, according to APRA, are shared facilities with each entity's IT assets located on separate hardware and shared infrastructure hosting data that is either "low criticality", desensitised or publicly available.
Shared computing services with heightened inherent risk include those that have exposure to untrusted environments; the 'public cloud'; and arrangements where providers, the shared computing service or the specific usage has an "unproven track record", APRA said.
Finally, the disruption of shared computing services that host customers' information can have an "extreme impact", the regulator said.
But UK and Australia-based cloud-computing wealth management firm PractiFI took exception to APRA's approach.
"We lament, once again, the misguided nature of APRA’s approach to technology," PractiFI co-founder Adrian Johnstone said.
"The regulator seems to be stuck in a time warp, where globalised, multi-tenant technologies are forever trapped as new entrants."
For the most part, the information in APRA's new paper is "simple, uncontroversial stuff", Mr Johnstone said.
"Where it all breaks down, however, is with APRA’s assertion that IT risks are dramatically ramped up when using contemporary outsourced approaches. They just aren’t," he said.
Contrary to APRA's assertions, Mr Johnstone said software built by "global technology leaders with active clients in every major market in the world" is much less risky than software coded and tested "by hand" by developers locally.
"The best enterprise cloud solutions are more resilient and lower cost, both of which are massively in the best interests of members," he said.
"Understanding risk is a critical component of decision-making. But the inference that globalised, multi-tenant technology is inherently riskier than locally built and hosted systems is nonsense.
"Australia’s wealth industry leads the world in many respects, but it’s not immune to progress. The challenge for APRA is to make sure they don’t create unnecessary barriers to it staying there."