On April 30, 2020, the FFIEC issued a statement on risk management for cloud computing services and security risk management principles in the financial services sector. The new statement highlights examples of risk management practices for a financial institution’s safe and sound use of cloud computing services and safeguards to protect customers’ sensitive information from risks that pose potential consumer harm. The statement also provides a list of government and industry resources and references to assist financial institutions using cloud computing services.
The FFIEC joint statement can be found here.