ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
ADVERTISEMENT
Home Compliance and Risk

Head in the clouds

February 9, 2023
Reading Time: 3 mins read
Head in the clouds

A Google Cloud data center in the Dalles, Oregon. Photo by Tony Webster

What’s next for ensuring the resilience of the critically important cloud service provider sector?

By John Carlson

Cloud service providers like Amazon Web Services and Microsoft’s Azure have changed the game for all kinds of computing and processing needs—in many cases accelerating innovation, technology uptime and speed to market. Financial services is no exception. Just how are banks employing cloud services—and what are the implications for the financial sector’s operational resilience?

On Feb. 8, the U.S. Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection released a paper on cloud computing. Treasury leadership commissioned the report to explore how the use of cloud service providers, or CSPs, may affect the financial sector’s resilience, and it includes a proposed action plan that may afford new opportunities for public-private sector collaboration.

How banks use CSPs

The primary drivers for the financial sector’s migration to cloud services include:

  • Faster development and scaling of new applications and services using cloud infrastructure and tools.
  • Competitive challenges and customer demands for digital financial products and partnerships with fintech firms.
  • Increased resilience to physical and cyber incidents.
  • Opportunity to retire legacy technology and reduce costs.
  • Expansion of IT infrastructure to support remote workers and customers’ use of digital financial services, accelerated during the COVID-19 pandemic and remaining at elevated levels ever since.

The paper also lays out key challenges financial institutions face when implementing and using cloud-based services, including:

  • Insufficient transparency from CSPs to support due diligence and monitoring by financial institutions.
  • Gaps in human capital and tools to securely deploy cloud services.
  • Exposure to potential operational incidents, including those originating at a CSP.
  • Potential impact of market concentration in cloud service offerings on the financial sector’s resilience.
  • Challenges negotiating contracts due to the concentration in the cloud computing market.
  • Regulatory fragmentation around the globe.

How will the U.S. government respond?

To address these key challenges, the paper proposes an action plan for Treasury. Key steps include establishing a cloud services steering group with the participation of U.S. federal financial regulators to promote closer domestic cooperation among regulators.

The action plan also emphasizes further engagement between banks and CSPs and the use of industry tabletop exercises, an important part of cyber incident readiness. The financial sector should review its sector-wide incident protocols in light of banks’ growing reliance on cloud services, and industry should develop appropriate measurements of cloud service dependencies across the sector and assess systemic concentration and related risks on a sector-wide basis.

Finally, given the international scale of CSP services, the paper recommends continuing to support the development of relevant standards and international policies at the G7, the Financial Stability Board and the international financial standard-setting bodies, as well as exploring ways to increase international collaboration and coordination on financial regulatory issues arising from cloud services.

What’s next?

Last year, Treasury sought input for this report from ABA staff, ABA member banks, and the major cloud services providers: Amazon Web Services, Microsoft Azure, Google Cloud, IBM. While the report does not impose any new requirements or standards applicable to regulated financial institutions, Treasury also engaged regulators from the Federal Reserve, FDIC and OCC in developing this paper. The federal banking agencies have authority under the Bank Service Company Act to examine CSPs and, as such, have gained expertise in evaluating security and operational risk controls through examinations. In addition, these agencies have issued supervisory guidance over the past decade that lay out expectations for how banks should manage CSPs as third-party providers.

As ABA continues to engage on CSP-related issues, it will convene a call for ABA members on March 1 at 2 p.m. ET to hear directly from the Treasury officials who prepared the report. The association will continue to engage with Treasury and financial regulators on many of the initiatives in the action plan through its leadership role on the Financial Services Sector Coordinating Council, where ABA SVP Paul Benda is vice chairman.

Recognizing that core processors also rely increasingly on CSPs, ABA will also engage core service providers through the ABA Core Platforms Committee. The association will continue to monitor commercial and regulatory developments in the cloud computing space, assess their effects on the banking industry, and develop resources to support banks’ exploration of and potential migration to cloud-based services, as warranted. Finally, ABA will continue to use the free Cyber Risk Institute Profile (which is aligned with the Cloud Security Alliance’s Cloud Capability Matrix) to reduce the time required to demonstrate compliance with regulatory requirements and cyber standards.

The role of cloud service providers continues to expand. This report marks an important evolution in how the Treasury, financial regulators, banks and CSPs address challenges in a collaborative manner.

John Carlson is VP for cybersecurity regulation and resilience at ABA.

ADVERTISEMENT
Tags: Cloud computingCore processingCybersecurityThird-party risk
ShareTweetPin

Related Posts

CFPB warns against certain terms in financial service contracts

CFPB withdraws proposed ban on certain contract language for financial products

Compliance and Risk
May 15, 2025

The CFPB has withdrawn a proposed rule to prohibit contractual provisions in agreements for consumer financial products or services that waive “substantive” consumer legal rights and protections.

Former NCUA chair named acting OCC head

Acting Comptroller Hood outlines OCC priorities

Newsbytes
May 13, 2025

In a recent speech, Acting Comptroller Rodney Hood outlined his top priorities for the OCC, including efforts to promote financial inclusion and expand the banks’ ability to provide cryptocurrency services.

CFPB urges states to ban ‘junk fees,’ revamp consumer protection laws

Agencies update host-state loan-to-deposit ratios

Compliance and Risk
May 12, 2025

The federal banking agencies issued updated host-state loan-to-deposit ratios that they will use to determine compliance with Section 109 of the Riegle-Neal Interstate Banking and Branching Efficiency Act.

U.S. Supreme Court rules CFPB’s funding structure is constitutional

With Trump signing repeal of CFPB overdraft rule, ABA to drop lawsuit

Compliance and Risk
May 9, 2025

President Trump has signed into law an ABA-championed resolution overturning the CFPB’s limits on overdraft fees.

CFPB claims ‘complex’ pricing drives up cost of financial products

CFPB rescinds dozens of guidance documents

Compliance and Risk
May 9, 2025

The CFPB announced it is rescinding dozens of guidance documents on topics such as fair lending, overdraft fees, disclosure policies and consumer information requests to large banks and credit unions.

White paper: Banks have clear legal authority to issue stablecoins

Stablecoin legislation hits roadblock in Senate

Newsbytes
May 8, 2025

A bill to create a regulatory framework for stablecoins stalled in the Senate after it failed to generate enough votes to advance. Afterward, Senate Republicans vowed to continue working to pass the legislation.

NEWSBYTES

CFPB withdraws proposed ban on certain contract language for financial products

May 15, 2025

Mortgage rates rise

May 15, 2025

Survey: Most Americans want high schools to offer financial education

May 15, 2025

SPONSORED CONTENT

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

Choosing the Right Account Opening Platform: 10 Key Considerations for Long-Term Success

April 25, 2025
Outsourcing: Getting to Go/No-Go

Outsourcing: Getting to Go/No-Go

April 5, 2025
Six Payments Trends Driving the Future of Transactions

Six Payments Trends Driving the Future of Transactions

March 15, 2025
AI for Banks: A Starter Guide for Community and Regional Institutions

AI for Banks: A Starter Guide for Community and Regional Institutions

March 1, 2025

PODCASTS

Podcast: Accelerating banking for quick-service restaurants

May 8, 2025

How a Georgia community bank supports government-guaranteed lending nationwide

May 1, 2025

Podcast: Quantum computing’s shakeup in payments, cybersecurity

April 24, 2025
ADVERTISEMENT

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2025 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2025 American Bankers Association. All rights reserved.