Cloud Service Providers (CSPs) typically think about the technology and business needs of their customers, and don’t necessary consider the impact to their customers compliance with regulatory obligations. Compliance decision makers aren’t clear on how to migrate to the cloud, and manage regulatory risk and compliance in the cloud. The big challenge is demonstrating how CSPs can meet customer’s risk and compliance needs.

GMAG works with the largest CSP’s in the business and we understand how financial firms use data for business, regulation and compliance. We will provide guidance on moving existing data to the cloud and other important services on how best to comply with regulatory obligations. GMAG has delivered training and regulatory updates to the FS-ISAC and the Cloud Council.

Our team created collateral discussing compliance considerations for cloud migration on various topics including:

  • Compliance with outsourcing regulations
  • Audit Standardization
  • Disaster Recovery and Business Continuity
  • REG-SCI”—”17a-4 considerations
  • Security
  • Incident Response
  • Privacy and Data Protection
  • FINRA Rule 451

Let us work with your team and craft a data strategy plan to leverage the cloud capabilities and efficiencies.


How We’ve Helped Our Clients

GMAG was asked to participate in a cloud migration training session for a major cloud service provider’s global financial services team. In doing so, GMAG covered the various regulatory considerations associated with migration and how strategic data transfer could be achieved by implementing GMAG’s defined process. The presentation was streamed to various teams in countries across the globe.

GMAG was retained by a major Cloud Service Provider to review its financial services offerings as they relate to Regulation-SCI. GMAG consultants provided an overview of the regulatory expectations around system availability, security, incident avoidance and incident management. GMAG assisted this CSP with shared responsibility considerations and SLA design and implementation.

GMAG has worked with a cloud implementation vendor to develop an FSI cloud adoption process which includes a roadmap for implementation. GMAG consultants designed a process that ensures continuity of key compliance systems and controls, preserves key dependencies, identifies compliance systems that are not being migrated, plans QA/regression testing for all compliance functions (including interoperability with functions that will not migrate) and ensures visibility into the functioning of critical compliance controls.

GMAG has delivered regulatory and compliance briefings to the Financial Services sales staff of a major CSP, and to the Financial Services – Information Sharing and Analysis Center (FS-ISAC) Working Group on Compliance, focusing on emerging regulatory trends in cloud migration and adoption for financial services firms.