BoE warns of crackdown on cloud service providers to financial sector
UK regulators need to act to avoid banks' reliance on a handful of outside cloud computing providers (CSPs) becoming a threat to financial stability, the Bank of England said on Tuesday.
Banks and other financial firms are outsourcing key services to cloud computing companies such as Amazon, Microsoft and Google to improve efficiency and cut costs.
The BoE said cloud computing could sometimes be more reliable than banks hosting all their servers themselves. However, larger market players could become “secretive” and also dictate terms and conditions - as well as prices.
"That concentrated power on terms can manifest itself in the form of secrecy, opacity, not providing customers with the sort of information they need to monitor the risk in the service," BoE Governor Andrew Bailey told a news conference. "We have seen some of that going on."
Bailey did not name specific firms he had concerns about.
Earlier the BoE's Financial Policy Committee said additional policy measures were needed to mitigate financial stability risks in cloud computing, Reuters reported.
"In terms of the standards of resilience and the testing of those standards of resilience, frankly we will have to roll some of that back, that secrecy that goes with it. It's not consistent with our objectives," Bailey said.
Bailey said the BoE understood the desire of CSPs not to reveal too much publicly about their operations, in case it opened the door to cyber-attacks, but that the firms needed to give more information to regulators and customers.
The BoE said it welcomed the engagement of the Treasury and Financial Conduct Authority (FCA) on how to tackle risks from cloud computing, but that a broader approach may be needed, including other regulators and overseas partners.
“Since the start of 2020, financial institutions have accelerated their plans to scale up their reliance on CSPs,” it said in its latest financial stability report.
“Although the Prudential Regulation Authority and FCA have recently strengthened the regulation of firms’ operational resilience and third party risk management, the increasing reliance on a small number of CSPs and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide.”