Dive Brief:
- Lawmakers are looking at Amazon Web Services and other big cloud providers in the context of banking safety. That could eventually affect your use of cloud services if federal scrutiny is stepped up.
- Reps. Katie Porter, D-CA, and Nydia Velazquez, D-NY, wrote last week in a letter to Treasury Secretary Steven Mnuchin that Amazon Web Services' (AWS) role in the Capital One data breach should prompt financial regulators to consider designating the three leading cloud providers — AWS, Microsoft Azure and Google Cloud — as systemically important financial market utilities.
- 100% of financial institutions use cloud services in some capacity, the letter states, citing a 2016 McKinsey report. The three top cloud service providers own a 57% share of the market, according to ITPro Today.
Dive Insight:
In their letter, the congresswomen said regulatory enforcement of cloud service providers is insufficient, and they cited Federal Reserve examiners' April visit to an Amazon facility in support of that contention.
Given the additional regulatory oversight the federal government gives to banks considered systemically important, the letter said, it's appropriate for regulators to consider whether the cloud platforms the banks use should also be considered systemically important.
They said the Financial Stability Oversight Council should consider four factors when determining whether an institution is systemically important:
- The aggregate monetary value of the transactions it processes.
- Its relationships with other financial market utilities.
- The effect that a failure or disruption would have on critical markets and the financial system at large.
- The exposure of the company to its counterparties.
"Though the cloud service providers at issue may not process monetary transactions directly, their operational stability underpins an increasing share of banks’ central functions," Porter and Velazquez wrote.
Bank of America, for example, aims in the next few years to deliver "80 percent of its technological workload" via the cloud, according to a 2017 Microsoft release. (Bank of America partners with Azure for its cloud services.) A disruption to Azure, then, would paralyze 80% of BofA's functions, the lawmakers said. Such an event would erode public confidence.
Porter and Velazquez further point to the use of cloud services by government agencies, citing a pending $10 billion Defense Department cloud computing contract. A failure there could be a threat to national security, they said.
The Bank Service Company Act gives the Fed limited oversight of nonbank vendors that provide the software to run banks' deposit and loan platforms, the letter said. But when agency representatives visited the Amazon facility, they were "chaperoned" by an Amazon employee, allowed to review certain documents on Amazon laptops but not permitted to take anything with them, the letter said. "The perfunctory review of a handful of Amazon-selected documents over the course of a few hours, on-site, is not meaningful oversight," Porter and Velazquez wrote.
The lawmakers asked Mnuchin to respond by Sept. 15.
Although designating major cloud platforms as systemically important would apply to their role in hosting large bank operations, additional security measures the platforms put in place could one day have an impact on other operations hosted on the sites.