US Treasury Assesses Adoption of Cloud Services in Financial Sector
The U.S. Department of the Treasury published a report on the potential benefits and challenges associated with the increasing trend of financial sector firms adopting cloud services technology.
The report sets out findings of the U.S. Treasury on the current state of cloud adoption in the financial sector, including potential benefits and challenges associated with the increasing adoption of cloud services. The report does not impose any requirements or standards applicable to regulated financial institutions and does not endorse or discourage the use of any specific provider or cloud services. The report findings shows that the adoption of public cloud services has increased rapidly over the last decade, though the models of adoption continue to vary across the financial sector. Many larger financial institutions plan to adopt a hybrid model involving the strategic use of both public and private cloud services with their own data centers, some financial institutions have significantly reduced their data center footprint by hosting applications and data in a public cloud environment. Meanwhile, smaller and mid-size institutions are also adopting public cloud services, with some operating their information technology (IT) infrastructure entirely in the cloud. Other adoption is indirect and results from an institution’s relationships with third-party providers, which have gravitated away from offering on-premises solutions in favor of cloud-based ones. The report also identifies the following six thematic challenges that may detract from the potential benefits associated with cloud services:
- Insufficient transparency to support due diligence and monitoring by financial institutions. It is essential that financial institutions fully understand risks associated with cloud services so they can build their technology architecture with appropriate protections for consumers. Treasury believes that further efforts are needed to achieve the right balance of information sharing between cloud service providers and financial institutions.
- Gaps in human capital and tools to securely deploy cloud services. The cloud service providers need to increase employee engagement experts, and to improve supportive technological tools and adoption frameworks that can help ensure that financial service firms design and maintain resilient, secure platforms for their customers.
- Exposure to potential operational incidents, including those originating at a cloud service provider. Many financial institutions have expressed concern that a cyber vulnerability or incident at one cloud service provider may potentially have a cascading impact across the broader financial sector.
- Potential impact of market concentration in cloud service offerings on the financial sector’s resilience. The current market is concentrated around a small number of cloud service providers, which means that if an incident occurs at one cloud service provider, it could affect many financial sector clients concurrently.
- Dynamics in contract negotiations, given market concentration. The limited number of cloud service providers may give them outsized bargaining power when contracting with financial institutions. This outsized negotiating advantage could limit the ability of financial institutions, particularly smaller financial institutions, from negotiating advantageous contractual terms for cloud services.
- International landscape and regulatory fragmentation. The increased foreign regulatory scrutiny of cloud services and cloud service providers could pose benefits and risks to the resilience, security, and capabilities of cloud services at a global scale.
As a next step, the U.S. Treasury will continue to monitor and facilitate further engagement between the financial sector and cloud service providers. The U.S. Treasury plans to focus on promoting closer domestic cooperation among U.S. regulators on cloud services, conducting tabletop exercises with industry, reviewing sector-wide incident protocols in light of growing reliance on cloud services, measuring cloud service dependencies across the sector and assessing systemic concentration and related risks on a sector-wide basis, and identifying ways to foster effective risk management practices in the financial services industry. The U.S. Treasury, along with members of the Financial and Banking Information Infrastructure Committee (FBIIC), will continue to support the development of relevant standards and international policies at the G7, the Financial Stability Board, and the international financial standard-setting bodies and to explore ways to increase international collaboration and coordination on financial regulatory issues arising from cloud services.
Related Links
Keywords: Americas, US, Banking, Regtech, Fintech, Cloud Adoption, Cloud Service Providers, Cyber Risk, Systemic Risk, Concentration Risk, IT Risk, US Treasury
Featured Experts
Blake Coules
Across 35 years in banking, Blake has gained deep insights into the inner working of this sector. Over the last two decades, Blake has been an Operating Committee member, leading teams and executing strategies in Credit and Enterprise Risk as well as Line of Business. His focus over this time has been primarily Commercial/Corporate with particular emphasis on CRE. Blake has spent most of his career with large and mid-size banks. Blake joined Moody’s Analytics in 2021 after leading the transformation of the credit approval and reporting process at a $25 billion bank.
Previous Article
BoE Publishes Policy on Outsourcing and Third-Party Risk for FMIsNext Article
BIS Innovation Hub Sets Out Work Priorities for 2023Related Articles
BIS and Central Banks Experiment with GenAI to Assess Climate Risks
A recent report from the Bank for International Settlements (BIS) Innovation Hub details Project Gaia, a collaboration between the BIS Innovation Hub Eurosystem Center and certain central banks in Europe
Nearly 25% G-SIBs Commit to Adopting TNFD Nature-Related Disclosures
Nature-related risks are increasing in severity and frequency, affecting businesses, capital providers, financial systems, and economies.
Singapore to Mandate Climate Disclosures from FY2025
Singapore recently took a significant step toward turning climate ambition into action, with the introduction of mandatory climate-related disclosures for listed and large non-listed companies
SEC Finalizes Climate-Related Disclosures Rule
The U.S. Securities and Exchange Commission (SEC) has finalized the long-awaited rule that mandates climate-related disclosures for domestic and foreign publicly listed companies in the U.S.
EBA Proposes Standards Related to Standardized Credit Risk Approach
The European Banking Authority (EBA) has been taking significant steps toward implementing the Basel III framework and strengthening the regulatory framework for credit institutions in the EU
US Regulators Release Stress Test Scenarios for Banks
The U.S. regulators recently released baseline and severely adverse scenarios, along with other details, for stress testing the banks in 2024. The relevant U.S. banking regulators are the Federal Reserve Bank (FED), the Federal Deposit Insurance Corporation (FDIC), and the Office of the Comptroller of the Currency (OCC).
Asian Governments Aim for Interoperability in AI Governance Frameworks
The regulatory landscape for artificial intelligence (AI), including the generative kind, is evolving rapidly, with governments and regulators aiming to address the challenges and opportunities presented by this transformative technology.
EBA Proposes Operational Risk Standards Under Final Basel III Package
The European Union (EU) has been working on the final elements of Basel III standards, with endorsement of the Banking Package and the publication of the European Banking Authority (EBA) roadmap on Basel III implementation in December 2023.
EFRAG Proposes XBRL Taxonomy and Standard for Listed SMEs Under ESRS
The European Financial Reporting Advisory Group (EFRAG), which plays a crucial role in shaping corporate reporting standards in European Union (EU), is seeking comments, until May 21, 2024, on the Exposure Draft ESRS for listed SMEs.
ECB to Expand Climate Change Work in 2024-2025
Banking regulators worldwide are increasingly focusing on addressing, monitoring, and supervising the institutions' exposure to climate and environmental risks.