The small number of cloud services providers used by financial services firms could pose risks to financial stability.
The Bank of England flagged this concentration of use in 2021, and following an earlier report which identified that over 65% of UK financial services firms used the same four cloud providers, such as Microsoft’s Azure and Amazon’s Web Services.
HM Treasury has now issued a policy statement setting out its proposals for regulation of critical third-party providers to the financial services sector, including the cloud service providers.
HM Treasury’s statement quoted Bank of England Financial Policy Committee conclusions that “the increasing reliance on a small number of cloud service providers and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide”.
The government is expected to legislate to provide regulators with new powers to address these issues when parliamentary time allows. The proposals include developing a framework to identify and manage risks arising from a critical third party’s failure or disruption; the creation of new rules setting out minimum resilience standards; resilience testing; new reporting requirements and powers for the regulators to order investigations and take enforcement action.
James Burgoyne, Divisional Director – Claims & Technical, Brunel Professions said: “It was notable that under the proposals the regulator can forbid the service provider from taking certain types of action, or providing services in the future. Nevertheless, financial services providers would remain responsible to the regulator for their operational resilience under these proposals.”