On October 18, 2019, the Task Force on Artificial Intelligence, which is a task force within the House Financial Services Committee (FSC), held a hearing titled AI and the Evolution of Cloud Computing: Evaluating How Financial Data is Stored, Protected, and Maintained by Cloud Providers. In a memorandum published before the hearing, the FSC noted that financial institutions have adopted cloud computing for non-core purposes (e.g., human resources, customer relationship management, etc.) while exercising caution when migrating over core services and activities (e.g., payments and retail banking). However, the memorandum notes that over the next five to 10 years, the expectation is that banks will move over more core functions to the cloud. The FSC notes that AI is a component of cloud computing because it helps streamline tasks, improves how data is managed and provides real-time cyber defense.

Financial institutions that use cloud computing and cloud service providers (CSP) have legal compliance obligations when financial institutions use cloud computing to perform both non-core and core functions. For example, federal regulators require CSPs to meet the same regulatory requirements as if the financial institution performed the activities (e.g., complying with the Bank Service Company Act or the Gramm-Leach-Bliley Act (GLBA)). As the FSC memorandum notes, examiners from the Federal Reserve recently visited a large CSP, and the CSP balked when the Federal Reserve asked the CSP to provide additional information after the on-site examination. Further, the CSP sought clarity from the Federal Reserve on how the Federal Reserve would use and store that information and who would have access to it. Therefore, the concerns over data privacy run both ways. As numerous witnesses in the hearing and members of the FSC noted, greater clarity from regulators regarding the use of CSPs by financial institutions would be beneficial. This echoed a 2018 Treasury report on Nonbank Financials, Fintech, and Innovation, which noted that [f]inancial services firms face several regulatory challenges related to the adoption of cloud, driven in large part by a regulatory regime that has yet to be sufficiently modernized to accommodate cloud and other innovative technologies.

The hearing addressed these compliance issues as well as issues related to consolidation, privacy and security. Below is a summary of the participants presentations.

The question and answer session that followed repeatedly focused on security issues posed by the use of CSPs, including whether and how CSPs can be better trained to understand the financial regulatory requirements imposed on their financial institution clients. Another concern mentioned was the difficulty associated with attribution when an error or breach occurs with a CSP (from the perspective of who may have been at fault and who actually committed the act Ms. Broussard noted that AI is useful in helping identify and protect against known vulnerabilities but that it struggles with unknown unknowns). Finally, near the end of the question and answer session, Mr. Benda noted the difficulties associated with the need to comply with both state laws which can vary, sometimes significantly, in their requirements and federal laws and requested that one harmonized approach be adopted so that banks do not have to answer to 51 masters.

This was the third hearing of the Task Force on Artificial Intelligence. You can watch the full hearing here.

Original post:

Task force on artificial intelligence hearing: AI and the evolution of cloud computing - key testimony on the risks, challenges and opportunities -...