Estimated reading time: 2 minutes, 44 seconds

A federal best practices body recently issued a statement warning the financial services sector not to take cloud computing safety for granted. According to a message from the Federal Financial Institutions Examination Council (FFIEC), penned on behalf of its members, banks are urged to implement proper security controls and ensure management understands “shared responsibilities between cloud service providers and their financial institution clients.”

download 2013195 640small“The statement does not contain new regulatory expectations, though it highlights that management should not assume that effective security and resilience controls exist simply because the technology systems are operating in a cloud computing environment,” according to the council.

Specifically, some of the risks financial institutions might encounter come from a lack of understanding of the terms laid out in contracts with cloud service providers. Failure to understand those terms, the statement warns, could result in security breaches or operational failure.


Alex Jiménez @RAlexJimenez
"The #cybersecurity landscape for the financial service sector is changing rapidly. Here we explore the key drivers of that evolution… #fintech #finserv #banking"

The statement also calls for processes in place that allow financial institutions to “identify, measure, monitor, and control” the associated risks. “Failure to implement an effective risk management process for cloud computing commensurate with the level of risk and complexity of the financial institution’s operations residing in a cloud computing environment may be an unsafe or unsound practice and result in potential consumer harm by placing customer-sensitive information at risk.”

For additional information on risk management and best outsourcing practices, the council directs users to the Information Technology Examination Handbook’s “Outsourcing Technology Services” booklet as well as other publications from FFIEC members.

Congressional Research Service Lays Out Banking Regulation Concerns

As is the case with many emerging technologies, Congress is sometimes forced to legislate in the face of a rapidly changing landscape. As such, a recent report from the Congressional Research Service highlights the potential tradeoffs of fintech as well as how financial systems regulators are approaching issues borne from changing trends in the space.

With respect to banking, namely the proliferation of those services online, government officials are looking at, among other things, big-picture economic impacts.

“One consideration is that online companies can often quickly grow to a significant size shortly after entering a financial market. This could facilitate the rapid growth of small fintech startups, possibly through capturing market share from incumbent financial firms,” reads the report. “Adaption of information technology, however, may require significant investment, which could advantage existing firms if they have increased access to capital.”

The report also discusses the implications of large technology firms like Amazon, Apple, Google and Facebook, recently throwing their hats into the financial services game. Traditional institutions may face greater competition from these newly minted finance operations or, as the report reads, some may instead form partnerships.

“Some industry experts predict that platforms offering the ability to engage with different financial institutions from a single channel will likely become the dominant model for delivering financial services,” it reads. The concentration of services formed by the latter, though, may be cause for concern.

Further, additional complications have arisen from the transition to online financial disclosures normally filed via hardcopy and from geographic uncertainties due to internet-based financial services.

Last modified on Friday, 08 May 2020
Read 377 times
Rate this item
(0 votes)

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.
Ok Decline