Skip naar inhoud

Financial services sector’s cloud use set for more regulatory scrutiny on resilience grounds

Wilt u deze bijdrage aanbevelen? Dat kan via:

Financial stability report by Bank of England’s Financial Policy Committee raises red flag about banks’ growing reliance on a small number of cloud service providers
The UK financial system’s growing reliance on a few cloud service providers (CSPS) could be subject to closer regulatory scrutiny, based on the findings of a report by the Bank of England’s Financial Policy Committee (FPC).

The FPC’s biannual Financial stability report sets out to identify areas for banks and building societies to be wary of that could pose a systemic risk to their operations and the overall resilience of the UK financial system.

The financial services sector’s growing use of cloud technologies is one area that the July 2021 edition of the FPC’s Financial stability report flags as a concern, particularly the sector’s growing reliance on the tools and services offered by a relatively small pool of providers.

“Since the start of 2020, financial institutions have accelerated their plans to scale up their reliance on CSPs,” said the report, a nod to how the onset of the Covid-19 pandemic led to a surge in cloud use by financial services companies.

This development has not gone unnoticed by the sector’s regulators, which include the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), said the report, but concerns persist about the risk involved in having so many firms relying on such a few providers.

“Although the PRA and FCA have recently strengthened the regulation of firms’ operational resilience and third-party risk management, the increasing reliance on a few CSPs and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide,” the report stated.

In the light of this situation, the FPC’s view is that additional policy measures should be pushed through to help mitigate the “financial stability risks” and it is already working with the Bank of England, the FCA and the Treasury to achieve this.

“The FPC recognizes that absent a cross-sectoral regulatory framework, and cross-border co-operation where appropriate, there are limits to the extent to which financial regulators alone can mitigate these risks effectively,” said the report.

While the report stops short of calling out specific cloud providers, all three of the major public cloud firms – Amazon Web Services (AWS), Microsoft and Google – are known to have a firm footing in the financial services sector.

Also, all three organisations are known to have made a concerted effort in recent years to court financial services companies through the roll-out of industry-specific offerings and support teams with skills and experience of working with firms in the sector.

And even without the Covid-19 pandemic as a backdrop, the willingness of financial services firms to use cloud has increased markedly over the past decade, with regulators, including the FCA, issuing guidance advising firms within its scope on how to move to cloud in a safe and secure way.

Simon Hull, head of financial services at technology consultancy BJSS, said it is right for the FPC to be concerned about the dominant hold a few very large cloud firms have on the sector.

“One of the drivers for cloud migration is to improve operational resiliency of individual firms and the ecosystem in general, but if there are problems with the underlying infrastructure itself, this could impact thousands of systems at once,” he said.

“Financial service firms themselves understand this and are taking steps to both ensure resiliency and avoid supplier lock-in by introducing different arrangements such as hybrid private/public cloud and using more than one CSP in a multi-cloud strategy.”

At the same time, most cloud service providers rely on multiple data centre availability zones to ensure resiliency, he added.

“While this should give some comfort, the desire to better understand and manage this risk is natural, however the innovation enabled by cloud technology must also not be unduly stifled. Given its global nature and evolving state, this will require collaboration across regulatory bodies and industry participants,” Hull concluded.

Lees ook:

Wat wil en wenst de ontwikkelaar?

In een krappe ict-arbeidsmarkt is het voor werkgevers interessant te weten wat er onder ontwikkelaars leeft. Bedrijven die de juiste tools bieden, hebben een streepje voor. Een internationaal onderzoek onder ruim zeventigduizend ontwikkelaars uit de Stack Overflow-community geeft inzicht in de trends. Dit rapport is bij recruiters dan ook niet onopgemerkt gebleven. Ze krijgen zo een beeld van hoe developers leren en meer kennis vergaren, welke tools ze gebruiken en waaraan ze behoefte hebben.

TNO: Europa kan tech-overmacht VS en China doorbreken

Zet vol in op de ontwikkeling van 6G, maak Gaia-X volwassen, loop voorop met edge computing en omarm open technologie. Dit zijn enkele aanbevelingen van TNO om in Europa de overheersing van Big Tech en Chinese (5G-)bedrijven te doorbreken.

Subpostmaster campaigning forces government to set up compensation scheme and make interim payments

Subpostmaster campaign group is a step closer to achieving what it was originally set up to do as government launches compensation scheme for its members who did not receive fair payouts

Advies: wacht met 3,5 GHz tot Inmarsat weg is

Het duurt waarschijnlijk tot eind 2023 voordat de 3,5-GHz-frequentieband beschikbaar komt voor openbare mobiele-communicatiediensten. Er is weliswaar veel vraag naar extra frequentieruimte, maar op de daarvoor afgesproken 3,5-GHz-band kan dat storen met noodoproepen van de lucht- en zeevaart. Het ministerie krijgt het advies te wachten totdat satellietbedrijf Inmarsat is verhuisd van het Friese Burum naar Griekenland.

Na sase komt sse (security service edge)

Security service edge (sse) is de evolutie van het sase-framework van Gartner. Door de letter ‘A’ (voor ’access) te verwijderen, wordt duidelijk dat het netwerk niet langer wordt beschouwd als onderdeel van een beveiligingsoplossing. Het is slechts het mechanisme dat de datastromen naar het security- en controleplatform transporteert.

UK tech has 2.8% gender ‘wage gap’, says Hired

The wage offered to women for tech jobs in the UK is 2.8% less than offered to male counterparts – a larger gap than in the US and Canada, says Hired

Wilt u deze bijdrage aanbevelen? Dat kan via:

Klaar voor de beste oplossing voor uw IT & ICT-situatie?

Ik heb mijn wachtwoord gewijzigd in “onjuist.” Dus wanneer ik vergeet wat het is, zal de computer zeggen: “Uw wachtwoord is onjuist.”