Intelligent Issue 07 | Page 46


There is no question that providing consumers with secure and reliable financial services means greater demand for cloud-based technologies .
to help financial firms tailor cloud services to better serve their customers and protect their information is well below demand . CSPs need to increase employee engagement experts and improve supportive technological tools and adoption frameworks that can help ensure that financial service firms design and maintain resilient , secure platforms for their customers .
3 . Exposure to potential operational incidents , including those originating at a CSP . Many financial institutions have expressed concern that a cyber vulnerability or incident at one CSP may potentially have a cascading impact across the broader financial sector . While cloud services can have potential benefits for resilience and security , financial institutions are still exposed to risks associated with technical vulnerabilities at CSPs and face practical challenges to mitigating such risks or migrating their operations to another provider .
4 . Potential impact of market concentration in cloud service offerings on the financial sector ’ s resilience . The current market is concentrated around a small number of CSPs , which means that if an incident occurs at one CSP , it could affect many financial sector clients concurrently . This concentration likely exists across banking , securities and insurance markets , but Treasury and the financial regulators need to close significant data gaps to assess how the sector might be affected by this type of incident . Nonetheless , Treasury believes that there are opportunities to enhance cooperation among financial regulators and between the public and private sectors .
5 . Dynamics in contract negotiations given market concentration . The limited number of CSPs may give CSPs outsized bargaining power when contracting with financial institutions . This outsized negotiating advantage could limit the ability of financial institutions , particularly smaller financial institutions , from negotiating advantageous contractual terms for cloud services .
6 . International landscape and regulatory fragmentation . The patchwork of global regulatory and supervisory approaches to cloud technology can make it nearly impossible for US financial institutions to adopt cloud consistently at a global scale , reducing CSP use in the market and raising costs for cloud adoption strategies , which ultimately impacts consumers . Additionally , changes in regulations abroad may subject CSPs to direct oversight by foreign financial regulators , which could create regulatory conflicts negatively impacting the quality and security of services to all CSP clients .
As part of addressing these challenges head-on , Treasury has developed recommendations that may assist the financial sector in realising the benefits of cloud services in a way that is safe , secure and responsible . To execute these recommendations , Treasury will continue working with US financial regulators and other agency partners , as well as financial firms and CSPs . It is also launching an interagency Cloud Services Steering Group within the next year that will address a number of the issues identified in the report through :
• Closer domestic cooperation among US regulators on cloud services .
• Additional tabletop exercises with the private sector .
• Development of best practices for cloud adoption frameworks and cloud contracts . �
46 www . intelligentfin . tech