The U.S. Department of the Treasury launched a new public-private partnership that is dedicated to bolstering regulatory and private sector cooperation.
This new partnership, called the Cloud Executive Steering Group (CESG), is part of the Treasury’s Financial Services Sector’s Adoption of Cloud Services report released in February.
The initiative seeks to ensure that Treasury, financial federal regulators, and the financial sector work together to address challenges associated with the increasing trend of cloud adoption identified in the report.
The new CESG will report out to the Financial Stability Oversight Council (FSOC), Financial and Banking Information Infrastructure Committee (FBIIC), and the Financial Services Sector Coordinating Council (FSSCC).
The CESG will be chaired by leaders in the financial sector with deep knowledge of cybersecurity needs of the financial services sector. Member agencies and firms of the FBIIC and FSSCC will serve as leads for the partnerships launched by the CESG.
The CESG co-chairs are Graham Steele, Treasury assistant secretary for financial institutions; Michael Hsu, acting Comptroller of the Currency; Rohit Chopra, director of Consumer Financial Protection Bureau; Bill Demchak, CEO of PNC Financial Services; and Ron Green, chair of Financial Services Sector Coordinating Council and chief security officer of Mastercard.
“This unprecedented collaboration among financial regulators and the private sector will bring thoughtful and lasting solutions to the cloud-based opportunities and challenges Treasury has identified,” Deputy Secretary of the Treasury Wally Adeyemo said. “American consumers and financial institutions will benefit from these cloud adoption efforts for years to come.”
The key objectives of the CESG include:
• Documenting effective practices for cloud third-party risk, outsourcing, and due diligence processes to increase transparency, led by the FSSCC;
• Developing a “best practices” document for institutions considering “all in” or hybrid cloud adoption strategies including an update to the Financial Sectors’ Cloud Profile, led by the FSSCC;
• Improving transparency and monitoring of cloud services for better “Security by Design,” led by the FSSCC;
• Establishing a common set of terms and definitions that can be used by financial institutions and regulators, led by the Office of the Comptroller of the Currency;
• Enhancing information sharing and coordination for supervision and examination of financial institutions, led by the Consumer Financial Protection Bureau; and
• Determining if existing authorities for cloud service provider oversight are sufficient and account for systemic risks, led by the Treasury Department.
Treasury will provide regular updates to the FSOC and FBIIC senior leaders to ensure alignment across the financial regulatory community. Treasury will also issue public updates on this effort as progress is made on the various projects.