Both public and private organizations want to keep cloud-based financial systems from turning into big storms for everyone involved.

The U.S. Department of the Treasury and the Financial Services Sector Coordinating Council (FSSCC) recently published a suite of resources to share with financial services institutions on effective practices for their secure cloud adoption journey.

These resources are the result of a year-long public-private partnership of the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC, which was established in 2002 by financial institutions to work collaboratively with key government agencies while coordinating critical infrastructure and homeland security activities within the financial services industry.

To provide leadership support for this joint effort the U.S. Department of the Treasury established the Cloud Executive Steering Group (CESG) in May 2023 at the direction of the Financial Stability Oversight Council (FSOC), to help close the gaps identified in Treasury’s report on the Financial Services Sector’s Adoption of Cloud Services.

“These documents are an important step forward in the CESG’s effort to make the cloud safer and more resilient within and beyond the financial services industry,” Bill Demchak, chairman and CEO of PNC Financial Services Group, said in news release from the Treasury Department.

“The strong partnership between public- and private-sector leaders allows us to take a more holistic, collaborative approach to defending against evolving threats,” Demchak continued.

The documents published are intended to arm financial institutions of all sizes with effective practices for secure cloud adoption and operations, and to establish a continuing effort and partnership to begin to address the gaps identified in Treasury’s report, which include:

—Establishing a common lexicon that may be used by financial institutions and regulators in discussions regarding cloud.

—Enhancing information sharing and coordination for examination of cloud service providers.

—Assessing existing authorities for cloud service provider (CSP) oversight.

—Establishing best practices for third-party risk associated with cloud service providers, outsourcing, and due diligence processes to increase transparency.

—Providing a roadmap for institutions considering comprehensive or hybrid cloud adoption strategies including an update to the Financial Sector’s Cloud Profile.

—Improving transparency and monitoring of cloud services for better “security by design.”

“The completion of these two efforts is the culmination of nearly two years of collaboration to further protect our financial system,” Deputy Secretary of the Treasury Wally Adeyemo said. “The CESG is now a proven model and a new way for the financial services sector to effectively address our most significant cybersecurity challenges.”

Consumer Financial Protection Bureau director Rohit Chopra said, “Our financial system is essential infrastructure for the entire economy, and it is deeply reliant on a handful of powerful Big Tech cloud service providers.

“Our work will help protect the financial industry from outages and disruption by leveling the playing field between financial firms of all sizes and big cloud service providers,” Chopra continued.

And acting Comptroller of the Currency Michael Hsu added, “Banks and other financial services firms know they must adapt to new technologies, but many have been uncertain as to how to do so safely and soundly.

“Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes. These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system,” Hsu went on to say.

For more information on the published cloud effort documents, go to this website.