OCC Bulletin 2020-46 | April 30, 2020

Cybersecurity: Joint Statement on Security in a Cloud Computing Environment

To

Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties

Summary

The Office of the Comptroller of the Currency (OCC), along with the other Federal Financial Institutions Examination Council (FFIEC) members,[1] today issued a joint statement addressing the use of cloud computing services in the financial services sector. Security breaches involving cloud computing services highlight the importance of bank[2] management's understanding of the shared responsibilities between cloud service providers and bank clients. Consistent with the joint statement, the OCC expects banks to engage in effective risk management for safe and sound cloud computing. This statement does not contain new regulatory expectations.

Note for Community Banks

The joint statement applies to community banks that use cloud computing services.

Highlights

The joint statement

  • reminds management about the importance of understanding the division of responsibilities for implementing and managing controls over cloud computing operations that can result in operational failures or security breaches.
  • highlights risk management practices and controls for the safe and sound use of cloud computing services.
  • provides a list of government and industry resources and references to assist financial institutions using cloud computing services.

Further Information

Please contact Kevin Greenfield, Deputy Comptroller for Operational Risk, at (202) 649-6550.

Grovetta N. Gardineer
Senior Deputy Comptroller for Bank Supervision Policy

[1] The FFIEC comprises the principals of the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, and State Liaison Committee.

[2] The term "banks" refers collectively to national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.