Share This Page

FFIEC Joint Statement on Risk Management for Cloud Computing Services

April 30, 2020 / Source: FDIC

Financial Institution Letters

FIL-52-2020
April 30, 2020

FFIEC Joint Statement on Risk Management for Cloud Computing Services

Printable Format:

FIL-52-2020 – PDF (PDF Help)

Summary:

The FDIC, as a member of the Federal Financial Institutions Examination Council (FFIEC), is issuing the attached statement addressing the use of cloud computing services and security risk management principles in the financial services sector.

Statement of Applicability to Institutions under $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-Supervised Financial Institutions.

Highlights:

 

  • Inherent in the use of cloud computing services are shared responsibilities between the provider and the client. The attached document identifies responsibilities financial institutions would have when contracting with cloud computing providers.
  • The attached document provides examples of risk management practices for a financial institution's safe and sound use of cloud computing services and safeguards to protect its customers' sensitive information from risks that pose potential consumer harm.
  • The attached document includes a list of public and private sector resources and references that can assist financial institutions with managing cloud computing services.

Distribution:

  • FDIC-supervised financial institutions and their service providers

Suggested Routing:

  • Chief Executive Officer
  • Chief Information Officer
  • Chief Information Security Officer

Related Topics:

Contact:

Attachment:

Note:

Access FDIC Financial Institution Letters (FILs) on the FDIC's website

Subscribe to receive FILs electronically