OCC Bulletin 2020-46| April 30, 2020
Cybersecurity: Joint Statement on Security in a Cloud Computing Environment
Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Office of the Comptroller of the Currency (OCC), along with the other Federal Financial Institutions Examination Council (FFIEC) members,1 today issued a joint statement addressing the use of cloud computing services in the financial services sector. Security breaches involving cloud computing services highlight the importance of bank2 management's understanding of the shared responsibilities between cloud service providers and bank clients. Consistent with the joint statement, the OCC expects banks to engage in effective risk management for safe and sound cloud computing. This statement does not contain new regulatory expectations.
Note for Community Banks
The joint statement applies to community banks that use cloud computing services.
The joint statement
- reminds management about the importance of understanding the division of responsibilities for implementing and managing controls over cloud computing operations that can result in operational failures or security breaches.
- highlights risk management practices and controls for the safe and sound use of cloud computing services.
- provides a list of government and industry resources and references to assist financial institutions using cloud computing services.
Please contact Kevin Greenfield, Deputy Comptroller for Operational Risk, at (202) 649-6550.
Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy
1The FFIEC comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee.
2The term "banks" refers collectively to national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.