WASHINGTON – The U.S. Department of the Treasury and the Financial Services Sector Coordinating Council (FSSCC) have released a set of resources aimed at guiding financial services institutions on secure cloud adoption practices. This initiative results from a year-long collaboration between the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC.

To support this effort, the Treasury established the Cloud Executive Steering Group (CESG) in May 2023 under the guidance of the Financial Stability Oversight Council (FSOC). The aim was to address gaps identified in Treasury's report on cloud service adoption within the financial sector. The newly published documents provide effective practices for secure cloud operations and aim to establish ongoing efforts to address these gaps.

Key areas addressed include:

- Establishing a common lexicon for discussions between financial institutions and regulators regarding cloud services.

- Enhancing information sharing and coordination for examining cloud service providers.

- Assessing existing authorities for overseeing cloud service providers.

- Establishing best practices for managing third-party risks associated with cloud services, outsourcing, and due diligence processes.

- Providing a roadmap for comprehensive or hybrid cloud adoption strategies, including updates to the Financial Sector’s Cloud Profile.

- Improving transparency and monitoring of cloud services to enhance security by design.

“The completion of these two efforts is the culmination of nearly two years of collaboration to further protect our financial system,” said Deputy Secretary of the Treasury Wally Adeyemo. “The CESG is now a proven model and a new way for the financial services sector to effectively address our most significant cybersecurity challenges.”

Consumer Financial Protection Bureau Director Rohit Chopra emphasized, “Our financial system is essential infrastructure for the entire economy, and it is deeply reliant on a handful of powerful Big Tech cloud service providers. Our work will help protect the financial industry from outages and disruption by leveling the playing field between financial firms of all sizes and big cloud service providers.”

Acting Comptroller of the Currency Michael J. Hsu noted, “Banks and other financial services firms know they must adapt to new technologies, but many have been uncertain as to how to do so safely and soundly. Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes.”

Bill Demchak, Chairman and CEO of PNC Financial Services Group, stated, “These documents are an important step forward in CESG's effort to make the cloud safer and more resilient within and beyond the financial services industry.”

The CESG model represents an unprecedented level of public-private partnership among Treasury, FBIIC, FSSCC, and CSPs. Detailed explanations can be found on the U.S. Treasury website along with links to FSSCC-led outputs.

The FSSCC led several workstreams:

1. **Cloud Profile 2.0**: Authored by FSSCC Cloud Profile Workstream and Cyber Risk Institute (CRI), this serves as an implementation plan based on NIST Cybersecurity Framework standards.

2. **Financial Sector Cloud Outsourcing Issues**: This document addresses challenges related to transparency, resource gaps, operational incidents at CSPs, contract negotiations dynamics with contributions from American Bankers Association (ABA) supported by Securities Industry Financial Markets Association (SIFMA).

3. **Transparency & Monitoring Secure-by-Design**: Authored collectively by FSSCC Transparency Workstream with FS-ISAC inputs focusing on resilience models in CSP environments.

The FBIIC also led critical initiatives:

1. **Cloud Lexicon**: A foundational document capturing prominent terms used by CSPs developed under OCC leadership.

2. **Coordinated Information Sharing & Examinations Initiative**: Led by CFPB addressing examination coordination related to CSPs.

This collective effort aims at enhancing regulatory oversight while promoting secure cloud adoption within financial services.

For more information on these documents visit [U.S. Treasury](https://home.treasury.gov/about/offices/domestic-finance/financial-institutions/cloud-executive-steering-group).