Data placement in the cloud and regulations for US financial services

As momentum builds behind public cloud infrastructure solutions, even highly regulated industries like financial services are exploring their options. While regulations and security are often seen as stumbling blocks for public cloud acceptance in financial services, reviewing available information on U.S. regulatory guidance and privacy law suggests there may be ways to move into the cloud in compliance-friendly ways. This article, of course, should not replace input from appropriate legal advisors. The research behind this article focused on privacy law and requirements around U.S. banks rather than international issues that might arise from data placement in the cloud. 

The U.S. banking industry has several regulatory bodies, including the Federal Reserve Board, the Federal Deposit Insurance Corporation, The National Credit Union Administration, the Office of the Comptroller of the Currency, and the Consumer Financial Protection Bureau. A consortium group called the Federal Financial Institutions Examination Council maintains a clearing house for guidance and regulatory information from the various regulators. On July 10, 2012, the Council issued a press release with guidance on public cloud utilization in banking. 

The core of the guidance is public cloud risk management should follow the same risk management principles as any outsourcing contract.  “The Federal Financial Institution Examination Council Agencies consider cloud computing to be another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing.”

The Council calls out some specific areas for attention by regulated entities.

The Council makes special reference to legal considerations, and it is worth a deeper exploration of what those are. The primary privacy regulations affecting U.S. financial services are contained in the Gramm-Leach-Bliley Act (GLB).  GLB originated as a response to concerns about banks sharing detailed account-holder information with third parties for marketing or cross-selling purposes. 

The act basically specifies handling requirements around data deemed personally identifiable and non-public. It bars sharing such data with third parties without explicit agreement from customers. GLB applies to a broad range of U.S. financial services including banks, mortgage originators and servicers, consumer credit agencies, et al.

Because outsourcing infrastructure provisioning to a public cloud is, almost by definition, allowing 3rd party access to data, some specifics about GLB merit a closer look.

 

Share it:
Share it:

[Social9_Share class=”s9-widget-wrapper”]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You Might Be Interested In

CIO Playbook: Become a Transformational Chief Information Officer

23 Jun, 2020

The evolving role of the CIO has undergone a drastic metamorphosis to keep up with changing organizational cultures and expectations …

Read more

Essential hyper-converged cloud questions answered

7 Mar, 2019

The cloud and hyper-converged infrastructure virtualize resources in similar ways. It is, in large part, this shared trait that has …

Read more

Wiz launches open database to track cloud vulnerabilities

8 Jul, 2022

Wiz launched a community-driven database to improve reporting and transparency for cloud vulnerabilities, which are sometimes swept under the rug. …

Read more

Do You Want to Share Your Story?

Bring your insights on Data, Visualization, Innovation or Business Agility to our community. Let them learn from your experience.

Get the 3 STEPS

To Drive Analytics Adoption
And manage change

3-steps-to-drive-analytics-adoption

Get Access to Event Discounts

Switch your 7wData account from Subscriber to Event Discount Member by clicking the button below and get access to event discounts. Learn & Grow together with us in a more profitable way!

Get Access to Event Discounts

Create a 7wData account and get access to event discounts. Learn & Grow together with us in a more profitable way!

Don't miss Out!

Stay in touch and receive in depth articles, guides, news & commentary of all things data.