On April 30, 2020, the Federal Financial Institutions Examination Council (FFIEC)  issued a new Joint Statement on the topic of “Security in a Cloud Computing Environment.” The Joint Statement reminds Financial Institutions that, in electing to use Cloud Services, they are not exempted from their responsibility to apply sound risk management practices in overseeing such relationships. This is not a change or update to regulatory guidance and appears to have been prompted by reports of cloud providers whose security has been breached and have thus subjected their financial institution clients to risk and/or potential damage.