New report conducted by independent big four public accounting firm validates IBM Cloud Services are implemented against, and adhere to, the IBM Cloud Framework for Financial Services technical,…
New report conducted by independent big four public accounting firm validates IBM Cloud Services are implemented against, and adhere to, the IBM Cloud Framework for Financial Services technical, administrative and physical control requirements
According to a study[1] by IBM Institute for Business Value, 64% of banking and financial markets leaders surveyed cite industry-related regulatory compliance as an obstacle to improving business performance by leveraging their cloud estate. As organizations strive to overcome these challenges, IBM Cloud for Financial Services is a first-of-its-kind cloud designed by the industry to help clients as they work to mitigate risk and accelerate cloud adoption. Central to our cloud is the IBM Cloud Framework for Financial Services, developed in collaboration with industry experts to help clients automate their security and compliance posture through security and controls built into the platform. As IBM Cloud services are onboarded to IBM Cloud for Financial Services, IBM conducts a rigorous validation process that assures the services meet IBM Cloud Framework for Financial Services technical, administrative and physical controls requirements.
In addition, IBM engages a third-party professional services firm to complete an independent review of existing IBM Cloud services and processes. To further assist clients in addressing regulatory requirements, today IBM is announcing the availability of the IBM Cloud for Financial Services Agreed Upon Procedures (AUP) Report, commissioned by IBM and completed by a big four public accounting firm in accordance with the American Institute of Certified Public Accountants (AICPA). The report demonstrates to IBM Cloud for Financial Services clients that IBM Cloud services have been implemented against, and adhere to, the IBM Cloud Framework for Financial Services control requirements.
As we see regulators take a deeper interest in how the financial services industry is leveraging cloud technology, these validations are especially important. We only expect regulators’ interest to grow even greater in the coming years and are already seeing organizations respond. By embracing hybrid, multicloud strategies to help reduce risk, financial services organizations are simultaneously advancing operational resiliency and responding to increasing client demand for innovation as well.
To help mitigate risk in the industry, we introduced IBM Cloud for Financial Services in 2020 in collaboration with partner banks including Bank of America and BNP Paribas. With built-in technology, security and compliance controls, the platform aims to help financial services organizations address the industry’s unique cybersecurity and regulatory requirements, while providing the benefits and flexibility of the cloud in a secured environment. In addition to Bank of America and BNP Paribas, we serve some of the world’s top banks including CaixaBank and MUFG in Japan. Since its introduction in 2019, our expansive ecosystem has grown to more than 130 technology partners and fintechs that are helping financial institutions address 3rd and 4th party risk in the supply chain through a common set of security and compliance controls that are adhered to by the ecosystem.
Here are five things to know:
We believe it is of the utmost importance to demonstrate the effectiveness of these industry controls to clients. Today, a new third-party independent report validates IBM Cloud FS-Validated Services are implemented against, and adhere to, IBM Cloud Framework for Financial Services technical, administrative and physical control requirements. The report addresses controls for all focus areas of the IBM Cloud Framework for Financial Services including active monitoring & response, advanced data protection, automated application & workload protection, enhanced authentication & access management, focused risk management and compliance, operational excellence and unified infrastructure security & resiliency. As expectations of regulators globally increase, clients can order the report and leverage it as part of their internal risk management practices while demonstrating due-diligence and oversight of their cloud service providers to their regulators. With this report, we aim to continue to help clients use IBM Cloud for Financial Services with a high degree of confidence and transparency.
In addition, IBM Cloud for Financial Services recently received the AAA rating from Pinakes – a service managed by the Center for Interbank Cooperation (CCI) – which works to create a secured ecosystem for the financial industry in Spain.
These achievements underscore IBM’s strong commitment to security and compliance measures as we continue to help financial services clients transform.
At the heart of our mission is security and compliance. The IBM Cloud for Financial Services includes IBM’s innovative confidential computing capabilities and encryption technology to help clients keep data secured.
With confidential computing and IBM’s built-in security and compliance focused controls, the platform is designed to help enable financial institutions, fintechs, ISVs and SaaS providers to host applications and workloads in the cloud with confidence.
To build trust, we believe it takes all of us – banks, digital partners, cloud providers and more. That’s why we established IBM’s Financial Services Cloud Council which brings together CIOs, CTOs, CISOs and Compliance and Risk Officers to drive cloud adoption for mission-critical workloads in financial services.
A network of more than 120 financial institutions including Discover Financial Services, Banco Sabadell, Nationwide Building Society and Virgin Money collaborate to inform the controls that are required to operate securely with bank-sensitive data in the cloud. These controls are not IBM’s – they are the industry’s collective controls and we’ve made them available on multiple clouds (public or private) with IBM Cloud Satellite.
We believe new regulatory demands like the European Commission’s Digital Operational Resilience Act (DORA) and evolving data sovereignty requirements will be key drivers for financial services modernization. As clients look for new ways to reduce risks and modernize while maintaining security and trust, we are continuously dedicated to delivering an open and secure hybrid cloud environment for their mission-critical workloads.
While data sovereignty looks different for every country and each jurisdiction is autonomous in its decision-making, wider access to talent, culture and ideas can help companies compete effectively in today’s world. Although we don’t know what the future holds, the industry should be prepared to ask themselves: if data sovereignty means it is no longer possible to access the best international talent or restricts the flow of data across borders, at what point does this become an inhibitor to innovation and progress?
As the regulatory landscape transforms, IBM will continue to monitor the latest policies and financial regulations around the world to help our clients prepare for the future and enable them to drive innovation and growth with a focus on security, resiliency and compliance as the regulatory landscape transforms.
For decades, IBM has been fueling the transformations of the financial services industry. Today, we recognize that financial markets are changing as customers demand instant access to financial services. From access to accounts, making payments and transfers, securing loans to managing digital assets, we’re now in era where it can be accessed from a tap on a mobile device.
A new breed of technology providers – from fintech startups to fintech arms of financial institutions – have responded to this change in financial markets. Now, as fintechs grow in influence and value, regulators are starting to take a closer look. Earlier this year, the Biden administration acknowledged the growing importance of digital assets, including cryptocurrencies, with an executive order “Ensuring Responsible Development of Digital Assets.” In many ways, the executive order signaled a long-awaited recognition of digital assets in the formal economy, and in others, sent a strong signal about potential risks in this sector. It’s clear that while fintechs focus on innovation, they cannot drive forward without adhering to the regulatory environments – this is where IBM Cloud for Financial Services is positioned to help fintechs become compliance-ready from the onset.
As the future of financial services transforms, our mission continues to help clients deploy mission-critical workloads with confidence while addressing the latest requirements around regulatory compliance, security and data sovereignty.
[1] IBM Institute for Business Value Cloud’s next leap
More »