WASHINGTON – Today, the U.S. Department of the Treasury and the Financial Services Sector Coordinating Council (FSSCC) published a suite of resources to share with financial services institutions on effective practices for their secure cloud adoption journey. These deliverables are the result of a year-long public-private partnership of the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC.
To provide leadership support for this joint effort the U.S. Department of the Treasury established the Cloud Executive Steering Group (CESG) in May 2023 at the direction of the Financial Stability Oversight Council (FSOC), to help close the gaps identified in Treasury’s landmark report on the Financial Services Sector’s Adoption of Cloud Services. The documents published today are intended to arm financial institutions of all sizes with effective practices for secure cloud adoption and operations, and to establish a continuing effort and partnership to begin to address the gaps identified in Treasury’s report, which include:
“The completion of these two efforts is the culmination of nearly two years of collaboration to further protect our financial system,” said Deputy Secretary of the Treasury, Wally Adeyemo. “The CESG is now a proven model and a new way for the financial services sector to effectively address our most significant cybersecurity challenges.”
“Our financial system is essential infrastructure for the entire economy, and it is deeply reliant on a handful of powerful Big Tech cloud service providers,” said Consumer Financial Protection Bureau Director Rohit Chopra. “Our work will help protect the financial industry from outages and disruption by leveling the playing field between financial firms of all sizes and big cloud service providers.”
“Banks and other financial services firms know they must adapt to new technologies, but many have been uncertain as to how to do so safely and soundly,” said Acting Comptroller of the Currency Michael J. Hsu. “Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes. These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system.”
“These documents are an important step forward in the CESG’s effort to make the cloud safer and more resilient within and beyond the financial services industry,” said Bill Demchak, Chairman and CEO, PNC Financial Services Group. “The strong partnership between public- and private-sector leaders allows us to take a more holistic, collaborative approach to defending against evolving threats.”
The CESG model represents an unprecedented level of public-private partnership between Treasury, FBIIC, FSSCC, and cloud service providers (CSPs). Clear explanations for the utility and application of the documents can be found here, on the U.S. Treasury website. The website also includes links to the FSSCC-led outputs so that financial institutions can consult them at any part of their cloud services adoption journey and risk management process.
The FSSCC led the following workstreams:
The FBIIC led the following workstreams:
This collective set of deliverables is intended to highlight opportunities to leverage CESG deliverables into the broader regulatory, oversight, and examination schema, and strengthen the shared responsibility model for cloud services provision in the financial services sector.
Under joint FBIIC and FSSCC leadership, the U.S. Treasury and FSSCC plan to publish additional items related to cloud cyber incident response coordination and cloud concentration risk as they are completed throughout the year.
For more information on the published cloud effort documents, please go to: https://home.treasury.gov/about/offices/domestic-finance/financial-institutions/cloud-executive-steering-group
*The Financial and Banking Information Infrastructure Committee, or FBIIC, is a committee consisting of 18 member organizations from across the regulatory community at both the federal and state level. The Department of the Treasury’s Assistant Secretary for Financial Institutions chairs the committee. [ https://www.fbiic.gov/ ]
**The Financial Services Sector Coordinating Council, or FSSCC, is an industry-led, non-profit organization that coordinates critical infrastructure and homeland security activities within the financial services industry. Their members consist of financial trade associations, financial utilities, and the most critical financial firms. [ https://fsscc.org/ ]
###
WASHINGTON—The Office of the Comptroller of the Currency (OCC) today published its 2024 Annual Report.…
WASHINGTON—The Office of the Comptroller of the Currency (OCC) today released enforcement actions taken against…
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned…
WASHINGTON — Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) is…
WASHINGTON — Today, the United States Department of the Treasury is imposing sanctions on four…
WASHINGTON – Today, the U.S. Department of the Treasury (Treasury) released a report following the issuance of…