Skip naar inhoud

Financial services sector’s cloud use set for more regulatory scrutiny on resilience grounds

Wilt u deze bijdrage aanbevelen? Dat kan via:

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on tumblr
Share on stumbleupon
Share on mix
Share on telegram
Share on pocket
Share on whatsapp
Share on email
Financial stability report by Bank of England’s Financial Policy Committee raises red flag about banks’ growing reliance on a small number of cloud service providers
The UK financial system’s growing reliance on a few cloud service providers (CSPS) could be subject to closer regulatory scrutiny, based on the findings of a report by the Bank of England’s Financial Policy Committee (FPC).

The FPC’s biannual Financial stability report sets out to identify areas for banks and building societies to be wary of that could pose a systemic risk to their operations and the overall resilience of the UK financial system.

The financial services sector’s growing use of cloud technologies is one area that the July 2021 edition of the FPC’s Financial stability report flags as a concern, particularly the sector’s growing reliance on the tools and services offered by a relatively small pool of providers.

“Since the start of 2020, financial institutions have accelerated their plans to scale up their reliance on CSPs,” said the report, a nod to how the onset of the Covid-19 pandemic led to a surge in cloud use by financial services companies.

This development has not gone unnoticed by the sector’s regulators, which include the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), said the report, but concerns persist about the risk involved in having so many firms relying on such a few providers.

“Although the PRA and FCA have recently strengthened the regulation of firms’ operational resilience and third-party risk management, the increasing reliance on a few CSPs and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide,” the report stated.

In the light of this situation, the FPC’s view is that additional policy measures should be pushed through to help mitigate the “financial stability risks” and it is already working with the Bank of England, the FCA and the Treasury to achieve this.

“The FPC recognizes that absent a cross-sectoral regulatory framework, and cross-border co-operation where appropriate, there are limits to the extent to which financial regulators alone can mitigate these risks effectively,” said the report.

While the report stops short of calling out specific cloud providers, all three of the major public cloud firms – Amazon Web Services (AWS), Microsoft and Google – are known to have a firm footing in the financial services sector.

Also, all three organisations are known to have made a concerted effort in recent years to court financial services companies through the roll-out of industry-specific offerings and support teams with skills and experience of working with firms in the sector.

And even without the Covid-19 pandemic as a backdrop, the willingness of financial services firms to use cloud has increased markedly over the past decade, with regulators, including the FCA, issuing guidance advising firms within its scope on how to move to cloud in a safe and secure way.

Simon Hull, head of financial services at technology consultancy BJSS, said it is right for the FPC to be concerned about the dominant hold a few very large cloud firms have on the sector.

“One of the drivers for cloud migration is to improve operational resiliency of individual firms and the ecosystem in general, but if there are problems with the underlying infrastructure itself, this could impact thousands of systems at once,” he said.

“Financial service firms themselves understand this and are taking steps to both ensure resiliency and avoid supplier lock-in by introducing different arrangements such as hybrid private/public cloud and using more than one CSP in a multi-cloud strategy.”

At the same time, most cloud service providers rely on multiple data centre availability zones to ensure resiliency, he added.

“While this should give some comfort, the desire to better understand and manage this risk is natural, however the innovation enabled by cloud technology must also not be unduly stifled. Given its global nature and evolving state, this will require collaboration across regulatory bodies and industry participants,” Hull concluded.

Lees ook:

We gaan verhuizen. Wat betekent dit voor u als klant?

Door de jaren heen is er veel gebeurd. Reden voor ons om uit te breiden naar een andere locatie. In dit bericht leest u wat u kunt verwachten.

OldFlix: We bewaren oude films en series en presenteren ze: In een Netflix-achtige methode, maar gratis!

Wie kent ze niet, Charlie Chaplin, Dallas Dolls, Philips met hun nieuwe spectaculaire uitvindingen tot de spannende avonturen van de jeugddetective Q & Q. Maar waar kijkt u ze? Vanaf

Microsoft launches ‘top secret’ Azure cloud region for US intelligence community

Microsoft continues to deliver on its pledge to provide cloud services to the US government that are compliant with all strengths of data classification

Zo loopt de weg naar vertrouwen in ai

Net zoals vertrouwen in persoonlijke en zakelijke relaties moet groeien, heeft het ook tijd nodig voor een gebruiker van ai-technologie om vertrouwen te krijgen in het systeem. Transformatieve technologieën als zelfrijdende voertuigen kunnen alleen succesvol zijn als er duidelijke methoden en benchmarks zijn om vertrouwen te creëren in ai-systemen. Maar hoe wek je vertrouwen op in ai?

IT leaders fear ‘trickle-down’ of nation-state cyber attacks

Three-quarters of IT decision-makers are concerned that the tactics, techniques and procedures used by nation-state attackers could be used against them

Wilt u deze bijdrage aanbevelen? Dat kan via:

Share on facebook
Share on twitter
Share on linkedin
Share on google
Share on reddit
Share on tumblr
Share on stumbleupon
Share on mix
Share on telegram
Share on pocket
Share on whatsapp
Share on email

Klaar voor de beste oplossing voor uw IT & ICT-situatie?

Ik heb mijn wachtwoord gewijzigd in “onjuist.” Dus wanneer ik vergeet wat het is, zal de computer zeggen: “Uw wachtwoord is onjuist.”