House committee urges oversight of consumer data stored in the ‘cloud’
Large banks and lenders will likely move most, if not all, of their computing needs to cloud platforms within the next five to ten years.
In response, regulators are scrutinizing how banks are hosting mass amounts of consumer data in the “cloud,” according to a hearing today with the Task Force on Artificial Intelligence of the House Financial Services Committee.
Financial institutions mainly adopt cloud computing because of the benefits found in managing IT, compliance with regulatory requirements, and situations that require high-performance computing. However, migrating away from data centers and systems increases operational risks, especially without in-depth regulatory examination or guidelines, the Task Force said during the hearing.
Operational risk refers to internal controls, people, systems and external events, including cyber risks like data breaches, insufficient customer data backups, and operating system hijackings, the Task Force said, noting that the July 2019 Capital One cybersecurity breach illustrates how operational risks have the potential of causing harm to consumers.
“Somewhere in never-never land there is a cloud taking care of my financial information,” said Rep. Sylvia Garcia (D-Texas) during the hearing, noting that there needs to be better training for cloud computing employees.
Moreover, as financial institutions become dependent on digital infrastructure, those that lack the in-house expertise to set up and maintain technologies are increasingly relying on third-party services, including cloud service providers.
“If a financial institution uses a third-party cloud service, regulators expect the activities performed by the cloud provider to meet the same regulatory requirements as if they were performed by the bank itself,” the Task Force said.
One point of contention is a lack of clarity around liability, whether it’s the bank or third-party service provider, said Rep. Anthony Gonzalez (D-Ohio). “There is this finger-pointing going on, and there is a gap between who bears the liability and who bears the cost,” he said.
To that end, the Task Force suggests a collaborative approach between regulators, banks and technology companies with a focus on security around the lifecycle of the data itself.
“This scares me more than Dracula,” said Rep. Emanuel Cleaver (D-Mo.) on the cybersecurity threat landscape. The Task Force has drafted legislation — the Strengthening Cybersecurity for Financial Sector Act of 2019 — to combat the issues presented during the hearing.
Join us for Auto Finance Summit 2019, October 28-30 at the Bellagio Las Vegas. The summit continues to bring together the best and brightest executives in auto lending and leasing for unparalleled networking and education. Register now at www.autofinancesummit.com.
