Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:31 AM
Connect Directly

FFIEC Issues Cloud Outsourcing Guidelines

The regulator says financial institutions must institute stringent controls if they are to use third-party cloud services.

The Federal Financial Institution Examination Council (FFIEC) said financial institutions must institute the proper controls if they are to outsource cloud computing services.

The FFIEC this week released new recommendations for financial institutions to follow if they consider using third-party cloud services.

"Outsourcing to a cloud service provider can be advantageous to financial institutions because of potential benefits such as cost reduction, flexibility, scalability, improved load balancing, and speed," read part of the FFIEC's statement. "Before approving any outsourcing of significant functions, it is important to ensure such actions are consistent with the institution’s strategic plans and corporate objectives approved by the board of directors and senior management."

[See Also: Building A Cloud Computing Road Map]

According to the regulator, managing a cloud computing service provider may require additional controls if the servicer is unfamiliar with the financial industry and the financial institution’s legal and regulatory requirements for safeguarding customer information and other sensitive data. Additionally, the use of such a servicer may present risks, such as if the servicer is not implementing changes to meet regulatory requirements.

"Cloud computing may require more robust controls due to the nature of the service." said the FFIEC. "When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service. Vendor management, information security, audits, legal and regulatory compliance, and business continuity planning are key elements of sound risk management and risk mitigation controls for cloud computing. As with other service provider offerings, cloud computing may not be appropriate for all financial institutions."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.