May 18, 2024 / VOLUME NO. 314

The Keys to the Cloud

Australian pension fund UniSuper, with around $90 billion in assets under management, recently found itself in hot water with customers when roughly half a million members lost access to their accounts for about a week, according to the news site The Guardian.

The service disruption wasn’t due to a data breach or ransomware attack. Instead, the company’s cloud provider — Google Cloud — inadvertently deleted UniSuper’s subscription. “This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally,” wrote UniSuper CEO Peter Chun and Google Cloud CEO Thomas Kurian in a statement. “This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again.”

The outage was so pervasive and long-lasting because the erasure of the company’s cloud also deleted the Google Cloud-hosted backup. The fund’s systems — along with “hundreds of virtual machines, databases and applications” — were lost; UniSuper relied on a secondary backup with another provider to help restore service.

Companies around the world have increasingly relied on the cloud to do business to improve productivity, profitability and decision-making. In a 2023 PwC survey, 78% of executives said their company had adopted cloud in most or all parts of their operations. And 90% of U.S. bank executives responding to a Crowe LLP and American Bankers Association poll in 2021 said their institution maintained at least some data, applications or operations in the cloud. 

Banks work with third-party providers to deploy the cloud across their organizations — and too often, they lean on that provider to manage their data without considering who on staff could have access to it, says Ben LeClaire, a principal at Plante Moran. That could be a critical error. “Your data is your data. You're responsible for it,” he says. “The second anything happens to it, look at where the customers turn to.”

LeClaire says banks need to know who’s in control, and what their vendors can access and change. “What this event highlights, from a risk perspective, is knowing who's at the helm to make authorized or unauthorized changes,” he says. Are changes limited to a small number of the vendor’s employees or a large group of IT staff? 

Requesting that information should be part of any bank’s due diligence process, says LeClaire. “The more people that have the right [to make changes], the more chances of even an honest mistake occurring. It really is about limiting that as much as possible.” 

• Emily McCormick, vice president of editorial & research for Bank Director

Will Your Bank Be Covered When Fraudsters Strike?

With fraud on the rise, directors should know the ins-and-outs of their bank’s insurance bond so their institution can be reimbursed for losses. 


“It's far better to not suffer the loss, but you want to have reasonable ways to make yourself whole if you do.”

— Ken Achenbach, Bryan Cave Leighton Paisner

• Laura Alix, director of research for Bank Director

How Bank Boards Can Support the Implementation of AI

Developing and deploying an effective AI program requires clear direction and strong oversight from the board.

A Reset on Interest Rates

Hopes that interest rate cuts would provide relief for what ails banks have been replaced by a realization that rates might be stuck for a while or even rise.

How Automation Can De-Risk Compliance   

It’s time for banks to embrace innovative and long-term compliance solutions.

Transformation Takes a Team (and Iteration)   

It’s time the banking industry stops viewing digital transformation as an end goal and instead thinks of it as an evolution.