US Treasury Assesses Adoption of Cloud Services in Financial Sector
The U.S. Department of the Treasury published a report on the potential benefits and challenges associated with the increasing trend of financial sector firms adopting cloud services technology.
The report sets out findings of the U.S. Treasury on the current state of cloud adoption in the financial sector, including potential benefits and challenges associated with the increasing adoption of cloud services. The report does not impose any requirements or standards applicable to regulated financial institutions and does not endorse or discourage the use of any specific provider or cloud services. The report findings shows that the adoption of public cloud services has increased rapidly over the last decade, though the models of adoption continue to vary across the financial sector. Many larger financial institutions plan to adopt a hybrid model involving the strategic use of both public and private cloud services with their own data centers, some financial institutions have significantly reduced their data center footprint by hosting applications and data in a public cloud environment. Meanwhile, smaller and mid-size institutions are also adopting public cloud services, with some operating their information technology (IT) infrastructure entirely in the cloud. Other adoption is indirect and results from an institution’s relationships with third-party providers, which have gravitated away from offering on-premises solutions in favor of cloud-based ones. The report also identifies the following six thematic challenges that may detract from the potential benefits associated with cloud services:
- Insufficient transparency to support due diligence and monitoring by financial institutions. It is essential that financial institutions fully understand risks associated with cloud services so they can build their technology architecture with appropriate protections for consumers. Treasury believes that further efforts are needed to achieve the right balance of information sharing between cloud service providers and financial institutions.
- Gaps in human capital and tools to securely deploy cloud services. The cloud service providers need to increase employee engagement experts, and to improve supportive technological tools and adoption frameworks that can help ensure that financial service firms design and maintain resilient, secure platforms for their customers.
- Exposure to potential operational incidents, including those originating at a cloud service provider. Many financial institutions have expressed concern that a cyber vulnerability or incident at one cloud service provider may potentially have a cascading impact across the broader financial sector.
- Potential impact of market concentration in cloud service offerings on the financial sector’s resilience. The current market is concentrated around a small number of cloud service providers, which means that if an incident occurs at one cloud service provider, it could affect many financial sector clients concurrently.
- Dynamics in contract negotiations, given market concentration. The limited number of cloud service providers may give them outsized bargaining power when contracting with financial institutions. This outsized negotiating advantage could limit the ability of financial institutions, particularly smaller financial institutions, from negotiating advantageous contractual terms for cloud services.
- International landscape and regulatory fragmentation. The increased foreign regulatory scrutiny of cloud services and cloud service providers could pose benefits and risks to the resilience, security, and capabilities of cloud services at a global scale.
As a next step, the U.S. Treasury will continue to monitor and facilitate further engagement between the financial sector and cloud service providers. The U.S. Treasury plans to focus on promoting closer domestic cooperation among U.S. regulators on cloud services, conducting tabletop exercises with industry, reviewing sector-wide incident protocols in light of growing reliance on cloud services, measuring cloud service dependencies across the sector and assessing systemic concentration and related risks on a sector-wide basis, and identifying ways to foster effective risk management practices in the financial services industry. The U.S. Treasury, along with members of the Financial and Banking Information Infrastructure Committee (FBIIC), will continue to support the development of relevant standards and international policies at the G7, the Financial Stability Board, and the international financial standard-setting bodies and to explore ways to increase international collaboration and coordination on financial regulatory issues arising from cloud services.
Keywords: Americas, US, Banking, Regtech, Fintech, Cloud Adoption, Cloud Service Providers, Cyber Risk, Systemic Risk, Concentration Risk, IT Risk, US Treasury
Across 35 years in banking, Blake has gained deep insights into the inner working of this sector. Over the last two decades, Blake has been an Operating Committee member, leading teams and executing strategies in Credit and Enterprise Risk as well as Line of Business. His focus over this time has been primarily Commercial/Corporate with particular emphasis on CRE. Blake has spent most of his career with large and mid-size banks. Blake joined Moody’s Analytics in 2021 after leading the transformation of the credit approval and reporting process at a $25 billion bank.
Previous ArticleBoE Publishes Policy on Outsourcing and Third-Party Risk for FMIs
Next ArticleBIS Innovation Hub Sets Out Work Priorities for 2023
FINMA Approves Merger of Credit Suisse and UBS
The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.
BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks
The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.
OSFI Finalizes on Climate Risk Guideline, Issues Other Updates
The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.
APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.
BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending
BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.
HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks
The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.
MFSA Sets Out Supervisory Priorities, Issues Reporting Updates
The Malta Financial Services Authority (MFSA) outlined its supervisory priorities for 2023
German Regulators Issue Multiple Reporting Updates for Banks
Deutsche Bundesbank published the nationally deactivated validation rules for the German Commercial Code (HGB) users on the taxonomy 3.2, which became valid from December 31, 2022
BCBS Report Examines Impact of Basel III Framework for Banks
The Basel Committee on Banking Supervision (BCBS) published results of the Basel III monitoring exercise based on the June 30, 2022 data.
PRA Consults on Prudential Rules for "Simpler-Regime" Firms
Among the recent regulatory updates from UK authorities, a key development is the first-phase consultation, from the Prudential Regulation Authority (PRA), on simplifications to the prudential framework that would apply to the simpler-regime firms.