Deep Dive: How The Pandemic Is Changing Cloud Compliance Rules And How FIs Can Keep Up

Most banks are familiar with how quickly regulatory requirements can change. One 2019 report noted that there were 220 updates to such requirements worldwide each day, equating to roughly 80,000 in one year. Staying abreast of these various compliance shifts can be costly and challenging for banks, but doing so is necessary to ensure that financial institutions’ (FIs) operations can run smoothly and ward off cyberattacks.

These considerations are especially important during the ongoing coronavirus pandemic, as the wave of legitimate customers now doing their banking online has prompted a corresponding spike in fraud. Twenty-two percent of American consumers state that they have been targeted by COVID-19-related fraud attempts since the pandemic’s onset, for example, leading financial authorities to work toward keeping consumers’ data more secure by changing how it is stored.

Companies are reexamining how they can use cloud technologies to comply with changing security standards as digital banking volumes expand. The following Deep Dive analyzes how the ongoing pandemic has affected emerging security standards and what these changes mean for the future use of cloud-native core banking infrastructure.

Compliance, Cybercrime And The Cloud 

Financial authorities often recommend regulatory changes to ensure that banking data remains secure amid broader financial industry changes, but determining the best steps to take has become challenging as more FIs abandon legacy servers for digitally native cloud infrastructure. EU and U.K. regulators have debated how companies can team up with third-party cloud providers while adhering to regulations such as GDPR, and noncompliance can lead to high-priced consequences. Technology giant Google, which operates Google Cloud services, was fined approximately $57 million for breaching GDPR privacy standards in 2019, for example, and EU regulators are questioning other companies over how their cloud platforms store data.

GDPR has been a blueprint for many online data and privacy regulations rolled out around the world. These include the recently ratified California Consumer Privacy Act (CCPA), which outlines new compliance and security standards for the state’s businesses and FIs that operate on the cloud.

Many online data regulations were instituted to combat emerging security threats as digital banking usage climbed, with one study finding that 78 percent of banks viewed cybersecurity as their top priority in 2019. Many of these FIs appeared to have adopted cloud solutions to beef up their protection measures, too, with another 2019 survey revealing that 94 percent of banks and businesses were utilizing more than one cloud provider. Eighty-six percent of survey respondents also said they expected their organizations’ cloud strategies and environments to evolve to address novel threats.

The pandemic may not have created the challenges banks face in keeping their cloud strategies and innovations compliant. Still, it is prompting a reexamination of how FIs are using the technology to store data. It is also making it essential for banks to meet such standards and safeguard their customers’ information.

Answering The Data Question 

FIs have long been favorite targets of fraudsters. One 2019 report found that 62 percent of the data stolen in online breaches that year came from FIs, even though many banks and businesses were tapping some form of cloud technology at the time. The pandemic appears to be giving cybercriminals even more opportunities to launch their schemes, with 89 percent of U.S. consumers now using mobile banking applications to access their bank accounts.

Many FIs were struggling to juggle data even before consumers flocked online during the pandemic. A 2019 report found that just 3 percent of banks intended to categorize or otherwise utilize unstructured data, which includes audio and video files as well as data attached to emails and other internal services. Unstructured data represents about 80 percent of the information FIs store, and gleaning more insight from it requires the use of cloud technologies. Failing to secure such information could open up FIs to fraud. Cybercriminals could pull or scrape details from unstructured data and use them to perpetrate synthetic identity fraud or other schemes.

Securing customer information stored on the cloud and complying with regulations governing consumer privacy require banks to think about categorizing and processing information afresh. FIs must avoid thinking of cloud infrastructures as simple digital versions of their previous legacy systems, as doing so could result in noncompliance and ultimately jeopardize customers’ sensitive information.