Mar 11 2022

How the Cloud Can Help Financial Institutions Manage Regulatory Compliance

Data privacy is highly regulated in the financial services sector, and cloud computing can help organizations remain in compliance with complex requirements.

Use of cloud service providers (CSPs) in the financial services industry continues to grow. In a recent blog post, the American Bankers Association cites a recent study by the Cloud Security Alliance that reveals “91 percent of financial services organizations are actively using cloud services or plan to employ them within six to nine months.” And according to Deloitte, “Cloud computing can help banks and financial services firms meet ever-evolving regulatory reporting requirements … in multiple operating jurisdictions — a critically important capability in an industry where cross-border transactions are the norm.”

Deloitte also notes that “Cloud solutions can also help banks conduct intraday liquidity and risk calculations, and mine trade surveillance data to detect anti-money laundering and other fraud issues. A cloud platform enables data-brokering placement capabilities based on data criticality and Certified Safety Professional certifications.”

Some Financial Institutions Hesitate on Migrating to the Cloud

Banks and other financial institutions constantly collect and handle highly sensitive data and are therefore subject to significant regulatory oversight. As these organizations move their data to the cloud, even more regulation comes into play.

As the ABA notes, “As cloud adoption in the financial services industry has increased, regulators are becoming more knowledgeable about how firms are relying on cloud service providers without sacrificing the rigor required in risk management and compliance practices.”

Zac Maufe, managing director of financial services for Google Cloud, writes in a recent blog post that the barriers to cloud adoption vary, “from the complexity of legacy systems to trust and skills gaps, regulatory uncertainty and fragmentation of compliance requirements.” 

He points out that “certain regulator-induced challenges, including the complexity of sectorial compliance frameworks and fragmentation, create hurdles to cloud adoption for financial services companies.”

How Cloud Computing Can Assist Banks with Regulatory Compliance

In recent years, widely reported cyberattacks have heightened the security concerns harbored by regulators. The ABA acknowledges that regulators are keenly aware of the vulnerability of financial institutions. But the cloud may be just the answer financial institutions are looking for to address regulatory concerns over data security.

“Moving data and services from a bank’s dedicated legacy infrastructure to a multi-tenant cloud environment, if properly configured, can provide additional layers of security for the institution and decrease its systemic risk,” according to the ABA blog.

Maufe writes that financial services firms should continue migrating more core workloads to the cloud and consider multicloud and hybrid cloud strategies. “Such strategies enhance resiliency of existing IT infrastructure,” he notes. He also suggests that regulators could assist with compliance by providing additional clarity and guidance.

CSPs Offer Assurance to Assist with Regulatory Compliance

Maufe expressed Google Cloud’s commitment to “working with financial services customers and regulators to provide them with controls and assurances on risk management, data locality, transparency, and compliance.”

And Google isn’t the only CSP hoping to ease the regulatory burden for financial institutions. John Duigenan, global CTO for financial services at IBM, said in a recent interview with the company’s blog that IBM has created regulatory configurations “to ensure you could never deploy an unsecure service where data, for example, could be accessed in an unencrypted form.”

Microsoft also offers compliance assurances with its Azure offerings. According to a post from the company, “Azure compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.”
