US financial services regulators have warned banks that they need to put in more robust controls if they plan to use third party cloud services.
With banks increasingly attracted to outsourced cloud computing as a way to cut costs and improve flexibility and scalability, the Federal Financial Institution Examination Council Agencies (FFIEC) has issued a statement stressing that the associated risks of the technology need to be considered.
Use of third parties does not diminish the responsibility of firms to make sure that the outsourced work is "conducted in a safe and sound manner and in compliance with applicable laws and regulations".
This means carrying out full due diligence and risk assessment, covering things such as vendor management, information security, audits, legal and regulatory compliance, and business continuity planning.
While the benefits may outweigh the concerns for some, concludes the FFIEC: "As with other service provider offerings, cloud computing may not be appropriate for all financial institutions."
Read the full statement here:
Download the document now 56 kb (PDF File)