The U.S. Treasury, in partnership with the Financial Services Sector Coordinating Council (FSSCC), has launched a comprehensive set of resources tailored for financial institutions to enhance cloud adoption security and efficiency.
Developed over a year in collaboration with the Financial and Banking Information Infrastructure Committee (FBIIC), these guidelines represent a significant advancement in cybersecurity and operational resilience.
A key component of this effort was the creation of the Cloud Executive Steering Group (CESG) by the Treasury in May 2023, following directives from the Financial Stability Oversight Council (FSOC).
“Banks and other financial services firms know they must adapt to new technologies, but many have been uncertain as to how to do so safely and soundly. Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes. These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system,” Acting Comptroller of the Currency Michael J. Hsu said.
The resources released by the Treasury are designed to help financial institutions of all sizes with effective practices for secure cloud adoption and operations, and to establish a continuing effort and partnership to begin to address the gaps identified in Treasury’s report, which include:
Establishing a common lexicon that may be used by financial institutions and regulators in discussions regarding cloud.
Enhancing information sharing and coordination for examination of cloud service providers.
Assessing existing authorities for cloud service provider (CSP) oversight.
Establishing best practices for third-party risk associated with cloud service providers, outsourcing, and due diligence processes to increase transparency.
Providing a roadmap for institutions considering comprehensive or hybrid cloud adoption strategies including an update to the Financial Sector’s Cloud Profile.
Improving transparency and monitoring of cloud services for better security by design.
“These documents are an important step forward in the CESG's effort to make the cloud safer and more resilient within and beyond the financial services industry. The strong partnership between public- and private-sector leaders allows us to take a more holistic, collaborative approach to defending against evolving threats,” Bill Demchak, Chairman and CEO, PNC Financial Services Group, said.