The intensifying regulation of cloud services has become a major threat to financial institutions’ growth and innovation. An overwhelming number of regional and jurisdictional mandates aimed at ensuring cloud security, data protection and privacy are consuming company resources. Compliance with these evolving and often conflicting regulatory demands has proven complicated and costly.

These cloud compliance concerns have led many firms to hire large staffs to do little other than monitor the internet for new regulations, then assess the impact and implement changes to internal controls and security frameworks. These processes are extremely labor-intensive, largely because they are handled manually. Understandably, firms have grown desperate for a better way — as have cloud service providers (CSPs), who now find themselves just as encumbered by new regulatory demands.

Developing an Industry Standard for Compliance

Every time a regulation changes or a new regulation is introduced, both CSPs and the firms that use their services have to figure out the corporate implications. Both need to ensure that they are compliant and that regulators’ security, privacy and resiliency requirements are being met, especially when noncompliance can result in hefty fines.

Today, it’s not surprising that financial services firms, CSPs and regulators share a common objective when it comes to the cloud. All want simpler, more streamlined governance, and all recognize that the answer lies in standardizing the current surplus of regulatory requirements and controls and then automating compliance.

To that end, IBM launched a groundbreaking initiative in May 2017 to build an industry-standard cloud control framework for financial services. The idea was to put together a working group of financial services stakeholders to establish standard cloud controls and requirements for each jurisdiction and use case. As of this writing, 30 financial institutions have agreed to participate in the project.

This strong show of force is indicative of the industry’s frustration with regulatory compliance and the urgent need for a solution. In fact, all but two of these firms have identified regulatory compliance as their No. 1 obstacle to cloud adoption. All want to take greater advantage of public cloud solutions but worry that any economic gains will be negated by the high cost of compliance.

Automating Cloud Compliance

IBM’s new white paper, “Turning the Regulatory Challenges of Cloud Into Competitive Advantage,” explains the opportunity in front of financial services to solve the regulatory compliance dilemma. It makes the case for an industry-standard framework and control library as the essential foundation for simplifying and automating compliance. It also predicts that advances in cognitive computing, artificial intelligence and analytics will provide the technology to enable this framework. Using these technologies, it is already possible to update industry-standard frameworks and controls automatically and to notify firms when regulatory changes occur.

Cognitive technologies have the potential to manage financial firms’ cloud compliance dynamically, updating internal frameworks, policies and controls in near-real time in response to changes from regulators. Firms will be able to access the industry-standard framework and control library as a utility service as needed to dynamically adapt to and consume updates without compromising their own proprietary frameworks and control libraries.

These capabilities, which have collectively come to be known as cognitive regulatory compliance, enable financial services to continuously align with regulators and the controls they are enforcing. They allow firms to stay on top of regulatory changes through rigorous monitoring and automatic notifications. Cognitive regulatory compliance does away with the manual processes and procedures that impede cloud adoption. It also allows financial services firms to monitor the cloud ecosystem end to end, which is vital for widespread adoption.

Financial institutions have an opportunity to lessen the compliance burden of cloud by working more closely with regulators and CSPs. Those that do will be in the best position to affect how regulators understand and legislate cloud services.

Read the white paper: Turning the regulatory challenges of cloud into competitive advantage

More from Banking & Finance

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…

SEC Proposes New Cybersecurity Rules for Financial Services

Proposed new policies from the Securities and Exchange Commission (SEC) could spell changes for how financial services firms handle cybersecurity. On Feb. 9, the SEC voted to propose cybersecurity risk management policies for registered investment advisers, registered investment companies and business development companies (funds). Next, the proposal will go through a public comment period until May 9.  The Importance of Cybersecurity in Finance The 2021 X-Force Threat Index found that financial services were the most targeted industry. Manufacturing beat out…