The UK’s financial regulators including the Financial Conduct Authority (FCA) and Bank of England are to be given powers to test the resilience of big cloud providers like IBM, Google, Microsoft and Amazon and conduct on-site inspections.
The critical third party regime will enable Britain’s financial watchdogs to extend their oversight of individual firm risk arrangements with cloud providers to manage potential systemic risks due to the concentrated number of providers.
This means that they will be able to request information directly from critical third parties on the resilience of their material services to firms, or their compliance with applicable requirements.
They can also commission an independent ‘skilled person’ to report on certain aspects of a critical third party’s services.
In addition, they can appoint an investigator to look into potential breaches of requirements under the legislation as well as interview a representative of a critical third party and require the production of documents.
Moreover, they can enter a critical third party’s premise under warrant as part of an investigation.
Once legislation is in place, the FCA, BoE and Prudential Regulation Authority (PRA) will be granted a suite of statutory powers, including the power to direct critical third parties from taking or refraining from taking specific actions.
They will also be able to publicise failings, and to prohibit a critical third party from providing future services, or continuing to provide services to firms.
Regulatory authorities across the globe have become increasingly concerned about the reliance of banks on a small number of Big Tech cloud providers.
The Bank of England’s Financial Policy Committee in 2021 criticised the opaque nature of cloud contracts and concluded “the increasing reliance on a small number of cloud service providers and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide.”
According to HM Treasury, over 65% of UK firms used the same four cloud providers in 2020, raising concerns about widespread disruption to critical financial services in the event of a power outage.
©Markets Media Europe 2022
TOP OF PAGE