Cloud Storage: What are the Requirements for Financial Institutions?

By Gabriel Ruzin

Recent technological advancements have undoubtedly streamlined the loan process for borrowers and lenders alike, far beyond what could have been imagined just a few decades ago. But while worldwide computing networks have effectively slashed days and sometimes weeks off the total time needed to secure a loan, these advancements also create risks never before seen in the financial industry. One of the most notable of these risks is the use of ‘cloud storage’ of borrower and loan information. Long gone are the days of snail mail and faxes handling the bulk of information sharing when it comes to the loan process. With the advent of the internet and global connectivity, it is imperative - and unavoidable - that borrower information be shared between different departments, companies, and various third parties in order to facilitate a successful loan from beginning to end. With such technology at play, it is no longer feasible for companies to retain rows of file cabinets on site, storing physical files and loan packets in perpetuity. Instead, more and more lenders store everything “in the cloud”.

As convenient as this can be, saving critical and private borrower data online unavoidably exposes it to potential theft. On April 30, 2020, the Federal Financial Institutions Examination Council (FFIEC) issued a statement in regards to security and cloud computing services. The statement encouraged financial servicers to take a close look at their cloud services provider when it comes to security, risk management, privacy, and record retention practices. The FFIEC also noted that regulatory risks have been heightened by the widespread use of cloud servicing and that the ultimate responsibility in keeping customer data and privacy safe lies with the financial institution, not the cloud provider.

A discovered weakness in a cloud computing network can lead to serious and damaging fallout. A 2019 breach of Capital One’s cloud led to the exposure of 106 million customers’ data, a major security concern whose repercussions are still felt today. A study by SC Media that same year revealed that the number of credit cards compromised by cloud storage hacks increased 212% from just the year before. Hackers continually test cloud storage networks with a variety of malware and social engineering attack methods in an effort to illegally access personal and financial information.

So what can a lender do in the face of such constant intrusion attempts? First, they can utilize the style of cloud computing that meets their needs. There are a variety of cloud storage providers that offer different levels of flexibility, customization, and security, which can be attuned to a servicer’s specific needs. Different ‘clouds’ can adequately handle and protect data differently depending on a lender’s volume, capacity, and geographic footprint. It is also crucial that a servicer do their homework and due diligence when it comes to what cloud service to partner with. How often do they perform system maintenance and security tests? How seriously do they take compliance and operations issues? Cloud storage is here to stay and a strong partnership between financial institutions and cloud storage providers is the best way to ensure regulatory compliance is maintained and customer data is safe from external threats.