Federal regulators are cautioning financial institutions about the unique risks associated with their use of services such as cloud computing.
The Office of the Superintendent of Financial Institutions Wednesday released a letter that it sent to financial firms about its expectations concerning outsourcing, and the applicability of its guidelines to new technology-based services, such as cloud computing.
It notes that OSFI recognizes the opportunities and benefits that these sorts of services can bring; however, it cautions firms to also recognize “the unique features of such services and duly consider the associated risks.”
In the letter, OSFI reminds firms that the expectations contained in the existing outsourcing guidelines apply to these new sorts of outsourcing services too. “In particular, [financial institutions] should consider their ability to meet the [regulator’s] expectations… in respect of a material arrangement, with an emphasis on: confidentiality, security and separation of property, contingency planning, location of records, access and audit rights, subcontracting, and monitoring the material outsourcing arrangements,” it says.
OSFI says that it considers the management of outsourcing risks important to ensuring that financial firms are managed prudently, and that it will be monitoring this issue as part of its ongoing supervisory work.