The U.S. Department of the Treasury published a report on the potential benefits and challenges associated with the increasing trend of financial sector firms adopting cloud services technology.
The report sets out findings of the U.S. Treasury on the current state of cloud adoption in the financial sector, including potential benefits and challenges associated with the increasing adoption of cloud services. The report does not impose any requirements or standards applicable to regulated financial institutions and does not endorse or discourage the use of any specific provider or cloud services. The report findings shows that the adoption of public cloud services has increased rapidly over the last decade, though the models of adoption continue to vary across the financial sector. Many larger financial institutions plan to adopt a hybrid model involving the strategic use of both public and private cloud services with their own data centers, some financial institutions have significantly reduced their data center footprint by hosting applications and data in a public cloud environment. Meanwhile, smaller and mid-size institutions are also adopting public cloud services, with some operating their information technology (IT) infrastructure entirely in the cloud. Other adoption is indirect and results from an institution’s relationships with third-party providers, which have gravitated away from offering on-premises solutions in favor of cloud-based ones. The report also identifies the following six thematic challenges that may detract from the potential benefits associated with cloud services:
- Insufficient transparency to support due diligence and monitoring by financial institutions. It is essential that financial institutions fully understand risks associated with cloud services so they can build their technology architecture with appropriate protections for consumers. Treasury believes that further efforts are needed to achieve the right balance of information sharing between cloud service providers and financial institutions.
- Gaps in human capital and tools to securely deploy cloud services. The cloud service providers need to increase employee engagement experts, and to improve supportive technological tools and adoption frameworks that can help ensure that financial service firms design and maintain resilient, secure platforms for their customers.
- Exposure to potential operational incidents, including those originating at a cloud service provider. Many financial institutions have expressed concern that a cyber vulnerability or incident at one cloud service provider may potentially have a cascading impact across the broader financial sector.
- Potential impact of market concentration in cloud service offerings on the financial sector’s resilience. The current market is concentrated around a small number of cloud service providers, which means that if an incident occurs at one cloud service provider, it could affect many financial sector clients concurrently.
- Dynamics in contract negotiations, given market concentration. The limited number of cloud service providers may give them outsized bargaining power when contracting with financial institutions. This outsized negotiating advantage could limit the ability of financial institutions, particularly smaller financial institutions, from negotiating advantageous contractual terms for cloud services.
- International landscape and regulatory fragmentation. The increased foreign regulatory scrutiny of cloud services and cloud service providers could pose benefits and risks to the resilience, security, and capabilities of cloud services at a global scale.
As a next step, the U.S. Treasury will continue to monitor and facilitate further engagement between the financial sector and cloud service providers. The U.S. Treasury plans to focus on promoting closer domestic cooperation among U.S. regulators on cloud services, conducting tabletop exercises with industry, reviewing sector-wide incident protocols in light of growing reliance on cloud services, measuring cloud service dependencies across the sector and assessing systemic concentration and related risks on a sector-wide basis, and identifying ways to foster effective risk management practices in the financial services industry. The U.S. Treasury, along with members of the Financial and Banking Information Infrastructure Committee (FBIIC), will continue to support the development of relevant standards and international policies at the G7, the Financial Stability Board, and the international financial standard-setting bodies and to explore ways to increase international collaboration and coordination on financial regulatory issues arising from cloud services.
Keywords: Americas, US, Banking, Regtech, Fintech, Cloud Adoption, Cloud Service Providers, Cyber Risk, Systemic Risk, Concentration Risk, IT Risk, US Treasury
Across 35 years in banking, Blake has gained deep insights into the inner working of this sector. Over the last two decades, Blake has been an Operating Committee member, leading teams and executing strategies in Credit and Enterprise Risk as well as Line of Business. His focus over this time has been primarily Commercial/Corporate with particular emphasis on CRE. Blake has spent most of his career with large and mid-size banks. Blake joined Moody’s Analytics in 2021 after leading the transformation of the credit approval and reporting process at a $25 billion bank.
Previous ArticleBoE Publishes Policy on Outsourcing and Third-Party Risk for FMIs
Next ArticleBIS Innovation Hub Sets Out Work Priorities for 2023
The use cases of generative AI in the banking sector are evolving fast, with many institutions adopting the technology to enhance customer service and operational efficiency.
As part of the increasing regulatory focus on operational resilience, cyber risk stress testing is also becoming a crucial aspect of ensuring bank resilience in the face of cyber threats.
A few years down the road from the last global financial crisis, regulators are still issuing rules and monitoring banks to ensure that they comply with the regulations.
The European Commission (EC) recently issued an update informing that the European Council and the Parliament have endorsed the Banking Package implementing the final elements of Basel III standards
The Swiss Federal Council recently decided to further develop the Swiss Climate Scores, which it had first launched in June 2022.
The Basel Committee on Banking Supervision (BCBS) launched consultation on a Pillar 3 disclosure framework for climate-related financial risks, with the comment period ending on February 29, 2024.
The U.S. President Joe Biden signed an Executive Order, dated October 30, 2023, to ensure safe, secure, and trustworthy development and use of artificial intelligence (AI).
The Monetary Authority of Singapore (MAS) launched an integrated digital platform, Gprnt, also known as “Greenprint.”
The European Banking Authority (EBA) has published the final templates, and the associated guidance, for collecting climate-related data for the one-off Fit-for-55 climate risk scenario analysis.
The Network for Greening the Financial System (NGFS) published its latest set of long-term climate macro-financial scenarios (Phase IV) for assessing forward-looking climate risks.