While not breaking new ground, the recent joint statement from the regulators comprising the Federal Financial Institutions Examination Council (FFIEC) provides a nice compilation of useful signposts for financial institutions assessing the risks and rewards associated with cloud computing services. If you don't know your SaaS, PaaS, or IaaS from a hole in the ground, this statement includes a nice overview of key terms and links to helpful resources for further reading on the subject. In sum, this is a worthwhile read for financial institutions subject to oversight by the FFIEC regulators and probably worth a skim for other US-regulated financial service providers.
With many banks moving some or all employees to remote work arrangements and accessing more cloud-based technologies, the Federal Financial Institutions Examination Council released a statement on risk management principles for cloud computing security. FFIEC noted that the statement does not contain new regulatory expectations but rather highlights examples of risk management practices.