Spotlight on FINRA’s latest report on cloud computing in the US securities industry – Lexology

Posted: November 9, 2021 at 1:58 pm

The financial services landscape is constantly evolving. Amidst the mass change and disruption wrought by the pandemic, in tandem with the meteoric rise of the crypto market, regulators around the world are introducing new waves of rules and regulation to keep up with the rate of change.

In October 2021, the Financial Industry Regulatory Authority (FINRA) issued a new report on Cloud Computing in the Securities Industry, providing advice and regulatory considerations for the US securities industry. In response to this, NCC Group shared further recommendations, based on its expertise and work with businesses in the global financial industry.

What are the key takeaways from the report?

To mitigate the cybersecurity and lock-in risks associated with outsourcing cloud services to third-party vendors, and ultimately take advantage of advancements in cloud computing, FINRA encourages its member firms to:

How else can organizations take advantage of cloud computing?

The adoption of cloud, software and technology escrow solutions, using Resilience by Design principles, can help organizations to meet the financial system's increasing demand for risk management, business continuity and ongoing operational resilience. By focusing on resilience from the start, organizations will be well placed to meet evolving rules and regulation.

Identifying supplier risk exhaustively exposes organizations to increasing costs, barriers to innovation, and potentially reduced access to financial services. For this reason, cloud, software and technology escrow solutions offer legal, technical and proportional assurance to organizations.

Under this approach, cloud supplier failure would be assumed by default, regardless of a third party's risk profile. Cloud, software and technology escrow agreements, together with dry-run verification services, will help to mitigate against supplier failure and offer a minimum level of resilience that ensures continuity of services while alternative options are being implemented.

Firms should also perform a comprehensive assessment of threats, vulnerabilities, impact and likelihood of a cybersecurity incident on at least an annual basis to maintain a current view of overall technology risk, including cloud solutions. While the standard disciplines for assessing, managing and mitigating risk related to services provided using cloud resources are the same as for traditional IT deployment models, the risks are not, and each organization should prioritize understanding its new, unique risk profile.
