The Federal Trade Commission should push for a harmonized approach to financial sector adoption of cloud computing services by leveraging the work of other federal agencies and working with foreign entities, the American Bankers Association said today in a letter to the FTC on the business practices of cloud service providers, or CSPs. The association also encouraged CSPs to design features in their base products and service offerings that allow banks to meet their compliance requirements for security and resiliency.
The FTC in March issued a request for comment on CSP business practices. The agency is studying a wide array of issues related to market power, business practices affecting competition and potential security risks, according to the request. In its comment letter, ABA noted the challenges banks face in negotiating contracts with CSPs, conducting due diligence and ongoing monitoring, managing concentration risk and dependencies on CSPs, and migration from one cloud provider to another. Many banks use cloud services to respond to customer demands for digital products, increase resilience to physical and cybersecurity incidents, take advantage of cost efficiencies relative to maintaining legacy IT systems, and support a remote workforce, the association said.