Cloud Outsourcing Issues and Considerations
Dated: July 17, 2024
The Financial Sector Cloud Outsourcing Issues and Considerations document seeks to address challenges related to transparency, resource gaps, exposure to operational incidents originating at cloud service providers (CSPs), and contract negotiation dynamics.
The document, authored collectively by the Financial Services Sector Coordinating Council (FSSCC) Cloud Outsourcing Issues and Considerations Workstream and the American Bankers Association (ABA) with support from the Securities Industry and Financial Markets Association (SIFMA), identifies a non-exhaustive list of key considerations for developing contractual provisions between financial institutions and CSPs to address risks, regulatory and supervisory compliance expectations when using cloud services. These key considerations should be used as a voluntary reference tool by financial institutions during the contract negotiation phase of onboarding a CSP to appropriately address cybersecurity, resilience, and third party-due diligence expectations, and to enable compliance with growing financial services regulatory requirements and supervisory expectations.
This document addresses challenges raised in the U.S. Treasury report, Financial Services Sector’s Adoption of Cloud Services. It is part of a suite of documents published by a public-private partnership that are intended to arm financial institutions of all sizes with effective practices for secure cloud adoption and operations, and to establish a continuing effort and partnership to begin to address the gaps identified in Treasury’s report.