Stay knowledgeable with free updates
Simply signal as much as the UK monetary regulation myFT Digest — delivered on to your inbox.
UK monetary regulators need to introduce sweeping new guidelines to make sure that cloud computing giants and the opposite “critical third parties” relied on by banks and insurers don’t endanger the UK’s monetary system.
The Financial Conduct Authority, the Prudential Regulation Authority and the Bank of England on Wednesday issued a joint session paper setting out proposals to strengthen oversight of suppliers to the monetary sector.
The paper outlined “a set of fundamental rules” in addition to extra granular necessities for key areas similar to cyber resilience and disruption testing.
“Third party service providers often play a vital role in the delivery of important services by banks and insurers,” stated Sam Woods, head of the PRA. “These arrangements bring benefits, but also potential risks.”
UK regulators have been more and more targeted on the hazards linked to cloud computing giants and different third events lately as monetary corporations outsource information storage and processing to a small variety of US Big Tech suppliers.
The BoE is worried that outages, hacks and different service interruptions might materially undermine the operations of the businesses they assist, in addition to wanting better ensures that buyer information shall be protected.
Regulators got powers by parliament to sort out these dangers within the 2023 Financial Services and Markets Act, which enabled the Treasury energy to designate some cloud service suppliers as crucial whereas strengthening regulators’ rule-setting and oversight capabilities.
“With a concentration of third parties serving multiple clients in financial services, there is, however, a risk of major impact if they are disrupted or fail,” stated Nikhil Rathi, chief government of the FCA.
“These proposals will improve the resilience of the critical third-party services that financial firms and their customers depend on, support market integrity and enhance UK competitiveness and growth.”
Under the proposals, cloud and know-how suppliers can be topic to extra strong disclosure necessities, together with annual self-assessments and common “scenario testing” of their capacity to offer providers throughout extreme disruptions.
Additionally, tech corporations must notify supervisors of any outages or points they expertise.
Regulators have expressed concern about focus threat for the UK monetary system, on condition that the US trio of Amazon, Microsoft and Google dominate the marketplace for cloud computing.
Amazon Web Services has struck offers with Barclays and HSBC, whereas Lloyds Banking Group has contracts with Google Cloud, Microsoft Azure and Thought Machine.
Lenders hope that the partnerships will scale back their IT prices, assist them to overtake antiquated infrastructure and capitalise on AI to automate customer support and detect monetary crime.
The session runs till March 2024. The BoE stated its framework ought to be “interoperable” with these within the US and EU.
https://www.ft.com/content/8fd1112a-c114-4a8e-92de-fc6610f757b6
