WASHINGTON—The U.S. Department of the Treasury today announced the formal launch of the Cloud Executive Steering Group (CESG), a public-private partnership dedicated to bolstering regulatory and private sector cooperation. First announced as part of Treasury’s Financial Services Sector’s Adoption of Cloud Services report released in February), the multi-pronged follow-up effort aims to ensure that Treasury, financial federal regulators, and the financial sector work together to address challenges associated with the increasing trend of cloud adoption identified in the report. CESG will report out to the Financial Stability Oversight Council (FSOC), Financial and Banking Information Infrastructure Committee (FBIIC), and the Financial Services Sector Coordinating Council (FSSCC).
The CESG will be chaired by leaders in the financial sector with deep knowledge of cybersecurity needs of the financial services sector who will help lead the public private engagement, and drive a collective path forward. Member agencies and firms of the FBIIC and FSSCC will serve as leads for the partnerships launched by the CESG. The Co-Chairs of CESG are:
- Graham Steele, Treasury Assistant Secretary for Financial Institutions
- Michael Hsu, Acting Comptroller of the Currency
- Rohit Chopra, Director of Consumer Financial Protection Bureau
- Bill Demchak, Chief Executive Officer of PNC Financial Services
- Ron Green, Chair of Financial Services Sector Coordinating Council and Chief Security Officer of Mastercard
The following are key objectives of the CESG:
- Document effective practices for cloud third-party risk, outsourcing, and due diligence processes to increase transparency, led by the FSSCC.
- Develop a “best practices” document for institutions considering “all in” or hybrid cloud adoption strategies including an update to the Financial Sectors’ Cloud Profile, led by the FSSCC.
- Improve transparency and monitoring of cloud services for better “Security by Design,” led by the FSSCC.
- Establish a common set of terms and definitions that can be used by financial institutions and regulators, led by the Office of the Comptroller of the Currency.
- Enhance information sharing and coordination for supervision and examination of financial institutions, led by the Consumer Financial Protection Bureau.
- Determine if existing authorities for cloud service provider oversight are sufficient and account for systemic risks, led by the Treasury Department.
“This unprecedented collaboration among financial regulators and the private sector will bring thoughtful and lasting solutions to the cloud-based opportunities and challenges Treasury has identified,” said Deputy Secretary of the Treasury Wally Adeyemo. “American consumers and financial institutions will benefit from these cloud adoption efforts for years to come.”
Treasury will provide regular updates to the FSOC and FBIIC senior leaders to ensure alignment across the financial regulatory community. Treasury will also issue public updates on this effort on a rolling basis as progress is made on the various projects.