Federal Financial Agencies Issue Cautionary Statement on Financial Institution Cloud Computing Services


On July 11, 2012, the federal financial regulatory agencies (“Agencies”), through the Federal Financial Institutions Examination Council (“FFIEC”), issued a joint interagency statement (“Statement”) on the use by financial institutions of outsourced cloud computing services, and the key risks associated with such services. The Statement, the substance of which is also being incorporated into the FFIEC’s Information Technology Examination Handbook (“IT Handbook”), is the first formal federal financial agency statement on the matter of cloud computing, a subject that has garnered substantial attention in the financial services industry but that, to date, has not been formally addressed by the federal financial regulators. In general, the Statement reaffirms that the fundamentals of existing risk and risk management requirements that currently are applicable to financial institution outsourcing of IT services apply equally to outsourced cloud-based services, while identifying certain risks that, in the Agencies’ view, are of particular concern with respect to such services.

Cloud Computing – An Overview

Cloud computing is an IT delivery model where IT services are provided to users from remote servers and facilities over the Internet rather than through owned or leased IT servers and platforms. Cloud technology offers important benefits to users, including the chance for significant cost savings and operational efficiencies; flexibility in deployment; ready access to information systems, applications, and data; better backup services; and faster and more responsive upgrade functionalities. Through cloud computing services, users have the ability to outsource all or part of their IT hardware architecture (infrastructure as a service, or IaaS), operating systems and platforms (platform as a service, or PaaS), or software applications (software as a service, or SaaS) as they choose. “Clouds” can be private, where the services are operated solely for one organization (or a small group of organizations, which some refer to as “community” clouds), typically on a dedicated or partitioned platform; public, where the services are shared by numerous customers, and typically operated on a shared platform; or hybrid, which entails a combination of private and public cloud services.

Please see full alert below for more information.


Topics:  Cloud Computing, FFIEC, Outsourcing

Published In: Administrative Agency Updates, General Business Updates, Finance & Banking Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Morrison & Foerster LLP | Attorney Advertising
