Remarks by CFPB Director Rohit Chopra at the Department of the Treasury’s Announcement on Cloud Service Provider Resilience

Director Chopra joined an event hosted by Deputy Secretary of the Treasury Wally Adeyemo to announce a series of steps that the U.S. government and the financial sector are taking to safeguard risks to the financial system with respect to cloud service providers. The transcript has been slightly edited for clarity.

Thank you everyone for being here. I would like to start by echoing what that the Deputy Secretary has shared.

At the CFPB, we worry a lot about making sure people can actually access their own money. We all have money in bank accounts and other products, and it is not locked in some drawer. It is recorded in databases using the most modern technology, and we’ve seen over the past several weeks the issues that occur when people can't access their money. We've seen these issues play out in the Evolve-Synapse debacle, where so many people across the country are crying for help. We’ve seen the dangers of how things can go wrong when something happens to these service providers.

As financial regulators, we’re not just going to sit around and wait until something happens next. We want to be prepared. As the Deputy Secretary noted, we’re thinking hard about what financial institutions, big and small across the entire system, are doing – they’re moving to the cloud.

Now, the cloud may be something that sounds a little obscure, but it’s really a way to manage information and data for a business. Most of our daily interactions online involve the cloud, and the market for these products is dominated by a few major service providers connected to well-known Big Tech companies.

One of the things we have put a lot of thought into is what happens when something goes wrong. I think we all understand what it means when our electric grid goes down, or airports shut down, and the kind of chaos that would ensue.

Just imagine what would happen to families and businesses in this economy if they cannot make payments, they cannot withdraw money, or they cannot do what they need to do in their daily lives. We need to make sure that our cloud infrastructure is resilient, that it is always working, and that an outage does not create a massive financial crisis.

For this reason, we have thought through ways we can work with financial institutions to make sure that they can stay resilient 24/7, 365 days a year – and they have stepped up and given us a roadmap of what we should do. But there is more we need to figure out. Do we need to enhance some of the regulations that cover these big cloud service providers? Do we need to make sure that small banks and credit unions have enough bargaining leverage to make sure that their systems can be turned on quickly just like the biggest names on Wall Street? We’ve laid out a whole set of work, it has a lot of acronyms and technical details, but the goal is to make sure that people can access their money and that our system does not crash.

I also want to thank everyone in the national security community who cares so much about this issue. This is not just about consumers and workers and small businesses; protecting the critical infrastructure of our country from bad actors is also unbelievably important. So, thank you again for helping to drive this work.