Financial industry representatives and federal officials today released a suite of resources to enhance the relationship between cloud service providers and financial institutions, and to give regulators more confidence that bank cloud services can be used safely and soundly.
The Treasury Department last year released a report that identified gaps in the financial services sector’s adoption of cloud services. One outcome of that report was the launch of a private-public partnership with the Financial Services Sector Coordinating Council, or FSSCC, a nonprofit financial services industry group. During a joint FSSCC-Treasury presentation, council vice chair and American Bankers EVP Paul Benda said that FSSCC developed three new resources through the collaboration.
“These are resources that financial institutions of all sizes can use today to enhance their resilience and provide [cloud services providers] a detailed overview of regulatory expectations that their financial institution customers must meet,” Benda said. The resources are:
- “Financial Sector Cloud Outsourcing Issues and Considerations,” a document for financial institutions that provides a non-exhaustive list of key considerations for developing contractual language with cloud service providers to address risk and supervisory and compliance expectations when using the services, Benda said. It also guides providers for how they should align their products to meet regulatory expectations. ABA and the Securities Industry and Financial Markets Association drafted the document.
- “Cloud Profile 2.0,” developed by the Cyber Risk Institute, which is intended to serve as a cloud security implementation plan for financial institutions of all sizes and functions.
- “Transparency and Monitoring for Better ‘Secure-by-Design,’” a document comprised of two outputs for financial institutions with workloads running in cloud service provider environments. It was co-authored by the Financial Services Information Sharing and Analysis Center.
While the FSSCC was developing the three resources, a second private-public partnership, the Financial and Banking Infrastructure Committee, developed two others.
- “Cloud Lexicon,” led by the Office of the Comptroller of the Currency, provides a single point of reference for the most prominent terms used by cloud service providers and financial services customers.
- The Coordinated Information Sharing and Examinations Initiative, led by the Consumer Financial Protection Bureau, which will address the coordination of examinations and information sharing related to cloud service providers, under the respective agency’s legal authorities.
“Banks and other financial services firms know they must adapt to new technologies, but many have been uncertain as to how to do so safely and soundly,” said Acting Comptroller of the Currency Michael Hsu. “Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes. These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system.”
