US Treasury unveils comprehensive cloud security framework for financial services

The U.S. Treasury, in collaboration with the Financial Services Sector Coordinating Council (FSSCC), has officially released a comprehensive suite of resources tailored for financial services institutions.

This initiative is aimed at enhancing the security and efficiency of cloud adoption within the sector. The guidance, developed through a year-long collaboration between the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC, underscores a major step forward in cybersecurity and operational resilience.

A pivotal element of this initiative is the establishment of the Cloud Executive Steering Group (CESG) by the Treasury in May 2023, following directives from the Financial Stability Oversight Council (FSOC).

The group’s primary mission is to bridge critical gaps highlighted in a significant report by the Treasury on the sector’s cloud service adoption strategies. The released documents offer a wealth of knowledge on best practices for cloud adoption and operations, aiming to equip financial institutions of all sizes with the tools needed for secure digital transitions.

The newly published resources address several critical areas:

  • The creation of a universal lexicon to streamline discussions between financial institutions and regulators about cloud technology.
  • Enhanced strategies for the information exchange and coordinated examination of cloud service providers (CSPs).
  • A review of existing supervisory capabilities concerning CSP oversight.
  • The formulation of best practices for managing third-party risks, particularly those associated with CSPs and outsourcing ventures.
  • A detailed roadmap for financial institutions considering complete or hybrid cloud adoption, alongside an updated Financial Sector’s Cloud Profile.
  • Strategies for the improvement of transparency and the proactive monitoring of cloud services, ensuring robust security by design.

Deputy Secretary of the Treasury, Wally Adeyemo, remarked on the project’s completion as “the culmination of nearly two years of collaboration to further protect our financial system.” He praised the CESG as a new, effective model for addressing major cybersecurity challenges within the sector.

Furthermore, Consumer Financial Protection Bureau Director Rohit Chopra and Acting Comptroller of the Currency Michael J. Hsu echoed the sentiment, stressing the critical nature of the financial system’s infrastructure and the importance of safeguarding it against disruptions caused by CSPs.

Chairman and CEO of PNC Financial Services Group, Bill Demchak, highlighted the value of the strong public-private collaboration, which he believes is essential for a more holistic approach to defending against evolving threats.

These efforts are supported by the FSSCC through various workstreams, including the Cloud Profile 2.0 and the Financial Sector Cloud Outsourcing Issues and Considerations document, which help identify best practices and key considerations for contractual agreements with CSPs.

These initiatives not only define the path forward for secure cloud adoption but also establish a framework for ongoing public-private partnerships aimed at enhancing the financial sector’s resilience and security.

Copyright © 2024 RegTech Analyst

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.