I don't know of any that require you to be on prem, but if you can't arrive at a reasonable liability agreement with your providers, cloud can be taken off the table pretty easily for any information that requires public disclosure of breeches (e.g. ssn) or comes with hefty fines (e.g. patient information)
It's not so much that regulations require you to be on premise as much as on premise is how you fulfill a combination of so many requirements emphasizing meticulous control and auditing of your entire operations from background checking your datacenter janitors on up. FedRAMP and similar standards have historically been fulfilled by companies built around bureaucracy-ware-first business models for enterprise customer demands rather than technology-first like most technology companies, and most of these companies focusing upon managing as much of a company's technology as possible such as EDS (now HP).
