UK monetary regulators wish to introduce sweeping new guidelines to make sure cloud computing giants and different “important third events” relied on by banks and insurers don’t put the UK monetary system in danger.
The Monetary Conduct Authority, the Prudential Regulation Authority and the Financial institution of England on Wednesday issued a joint session paper setting out proposals to strengthen oversight of service suppliers to the monetary sector.
The paper set out a “set of floor guidelines” in addition to extra detailed necessities for key areas similar to cyber resilience and disruption testing.
“Exterior service suppliers typically play a significant position within the supply of vital companies by banks and insurers,” mentioned Sam Woods, head of the Danger Evaluation Authority. “These preparations carry advantages, however additionally they carry potential dangers.”
UK regulators have more and more targeted on dangers related to cloud computing giants and different third events lately, as monetary firms outsource knowledge storage and processing to a small variety of massive US expertise suppliers.
The Financial institution of England is anxious that outages, hacks and different service disruptions might materially undermine the operations of the businesses they help, and desires larger assurances that buyer knowledge is protected.
Regulators got powers by Parliament to deal with these dangers within the Monetary Companies and Markets Act 2023, which empowered the Treasury with the facility to designate sure cloud service suppliers as important whereas strengthening regulators’ rule-making and oversight capabilities.
“With the focus of third events serving a number of shoppers in monetary companies, there’s nevertheless a danger of great affect in the event that they break down or fail,” mentioned Nikhil Rathi, chief government of the FCA.
“These proposals will enhance the resilience of vital third-party companies that monetary companies and their clients depend on, help market integrity and improve the UK’s competitiveness and progress.”
Below the proposals, cloud and expertise suppliers could be topic to stronger disclosure necessities, together with annual self-assessments and common “situation testing” of their capacity to offer companies throughout extreme disruption.
Moreover, expertise firms should notify moderators of any outages or points they encounter.
Regulators have expressed concern concerning the dangers of specializing in the UK monetary system, on condition that the US trio of Amazon, Microsoft and Google dominate the cloud computing market.
Amazon Net Companies has offers with Barclays and HSBC, whereas Lloyds Banking Group has contracts with Google Cloud, Microsoft Azure and Thought Machine.
Lenders hope the partnerships will scale back IT prices, assist them restore ageing infrastructure and leverage synthetic intelligence to automate customer support and detect monetary crimes.
The consultations proceed till March 2024. The Financial institution of England mentioned its framework ought to be “interoperable” with these within the US and the European Union.