Compushare Responds to FFIEC Statement on Cloud Computing

En anglais seulement

As you may have seen, the FFIEC just released a joint four-page Outsourced Cloud Computing resource document for informational purposes (Click to Read the full statement available at: This statement issued by the Federal Reserve Board, Federal Deposit Insurance Corp. and Office of the Comptroller of the Currency is one of the first such documents to directly call out key elements of cloud computing outsourcing that banks need to consider prior to migrating to a cloud solution. Given that Compushare’s Cloud Computing (C³) solution is the only on-demand fully hosted cloud computing solution designed specifically for the financial market, we thought it would be appropriate to respond to the recent statement and share our concurrence with the regulating agencies.

In the information statement, the FFIEC Information Technology Subcommittee noted that the FFIEC Agencies “…consider cloud computing to be another form of outsourcing with the same basic risk characteristics and risk management requirements as traditional forms of outsourcing.” The resource document goes on to point out that while “outsourcing to a cloud service provider can be advantageous to financial institutions because of potential benefits such as cost reduction, flexibility, scalability, improved load balancing, and speed, financial institutions must still perform due diligence to insure that the provider meets the necessary strict requirements for data encryption, segregation, and recoverability.”

Compushare couldn’t agree more. The FFIEC statement demonstrates how important it is for banks to focus on selecting the right cloud provider with in-depth experience and expertise in the financial industry that has the proper controls in place to satisfy the financial institution’s legal and regulatory requirements for safeguarding customer information and other sensitive bank data. Our (C³) Cloud Computing solution allows financial institutions to do just that. Compushare is the first to be able to offer this category-defining solution so financial institutions can realize all of the benefits from a provider with over 16 years of experience in the financial industry, focused on satisfying regulatory requirements, significant operational soundness (through tight controls and third party reviews and audits such as SSAE16 – SOC II and FDIC Review) and business resiliency.

This new statement issued by the FFIEC provides an overview of the benefits and risks of outsourced cloud computing and considerations to take when selecting a provider. The document warns against public cloud usage or engaging cloud providers unfamiliar with the financial industry and its closely regulated environment. In addition, it advises against using a provider unable or unwilling to meet regulatory requirements or with inadequate financial industry controls and risk monitoring. The statement also cautions that “A financial institution’s ability to assess compliance may be more complex and difficult in an environment where the cloud computing service provider processes and stores data overseas or co-mingles the financial institution’s data with data from other customers that operate under diverse legal and regulatory jurisdictions.” Compushare’s US-based Cloud infrastructure has been designed and built from the ground up – with ‘baked in’ security controls, audit trails and reporting. We are the only provider with a Tier 1 community cloud geared toward banks and other financial enterprises. (C³) has top-notch information security solutions embedded in the cloud with all the benefits of economies of scale, compliance, full disaster recovery, and has the ability to run a vast array of specialty applications needed by today’s banks and financial service providers.

Compushare was encouraged by the statement released by the FFIEC as it further demonstrates that cloud computing for financial institutions is reaching critical mass and the benefits of the cloud are far too compelling to ignore. In the coming days, Compushare will publish a more detailed white paper that will help provide further guidelines for banks that are, or may be considering, a cloud solution in the future.

Thank you,

Michael Barrack, Director IT Security and Compliance
Compushare, Inc.