News

10:31 AM
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

FFIEC Issues Cloud Outsourcing Guidelines

The regulator says financial institutions must institute stringent controls if they are to use third-party cloud services.

The Federal Financial Institution Examination Council (FFIEC) said financial institutions must institute the proper controls if they are to outsource cloud computing services.

The FFIEC this week released new recommendations for financial institutions to follow if they consider using third-party cloud services.

"Outsourcing to a cloud service provider can be advantageous to financial institutions because of potential benefits such as cost reduction, flexibility, scalability, improved load balancing, and speed," read part of the FFIEC's statement. "Before approving any outsourcing of significant functions, it is important to ensure such actions are consistent with the institution’s strategic plans and corporate objectives approved by the board of directors and senior management."

[See Also: Building A Cloud Computing Road Map]

According to the regulator, managing a cloud computing service provider may require additional controls if the servicer is unfamiliar with the financial industry and the financial institution’s legal and regulatory requirements for safeguarding customer information and other sensitive data. Additionally, the use of such a servicer may present risks, such as if the servicer is not implementing changes to meet regulatory requirements.

"Cloud computing may require more robust controls due to the nature of the service." said the FFIEC. "When evaluating the feasibility of outsourcing to a cloud-computing service provider, it is important to look beyond potential benefits and to perform a thorough due diligence and risk assessment of elements specific to that service. Vendor management, information security, audits, legal and regulatory compliance, and business continuity planning are key elements of sound risk management and risk mitigation controls for cloud computing. As with other service provider offerings, cloud computing may not be appropriate for all financial institutions."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Trappler
50%
50%
Thomas Trappler,
User Rank: Apprentice
7/19/2012 | 5:33:48 PM
re: FFIEC Issues Cloud Outsourcing Guidelines
The course GǣContracting for Cloud Computing ServicesGǥ is designed to help organizations effectively mitigate the risks associated with cloud computing as described in the FFIEC paper. For more details regarding this course, please see http://www.thomastrappler.com.
Thomas Trappler
50%
50%
Thomas Trappler,
User Rank: Apprentice
7/19/2012 | 5:27:33 PM
re: FFIEC Issues Cloud Outsourcing Guidelines
The course GǣContracting for Cloud Computing ServicesGǥ is designed to help organizations effectively mitigate the risks associated with cloud computing as described in the FFIEC paper. For more details regarding this course, please see http://www.thomastrappler.com.
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.