Skip naar inhoud

Financial services sector’s cloud use set for more regulatory scrutiny on resilience grounds

Wilt u deze bijdrage aanbevelen? Dat kan via:

Financial stability report by Bank of England’s Financial Policy Committee raises red flag about banks’ growing reliance on a small number of cloud service providers
The UK financial system’s growing reliance on a few cloud service providers (CSPS) could be subject to closer regulatory scrutiny, based on the findings of a report by the Bank of England’s Financial Policy Committee (FPC).

The FPC’s biannual Financial stability report sets out to identify areas for banks and building societies to be wary of that could pose a systemic risk to their operations and the overall resilience of the UK financial system.

The financial services sector’s growing use of cloud technologies is one area that the July 2021 edition of the FPC’s Financial stability report flags as a concern, particularly the sector’s growing reliance on the tools and services offered by a relatively small pool of providers.

“Since the start of 2020, financial institutions have accelerated their plans to scale up their reliance on CSPs,” said the report, a nod to how the onset of the Covid-19 pandemic led to a surge in cloud use by financial services companies.

This development has not gone unnoticed by the sector’s regulators, which include the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA), said the report, but concerns persist about the risk involved in having so many firms relying on such a few providers.

“Although the PRA and FCA have recently strengthened the regulation of firms’ operational resilience and third-party risk management, the increasing reliance on a few CSPs and other critical third parties could increase financial stability risks without greater direct regulatory oversight of the resilience of the services they provide,” the report stated.

In the light of this situation, the FPC’s view is that additional policy measures should be pushed through to help mitigate the “financial stability risks” and it is already working with the Bank of England, the FCA and the Treasury to achieve this.

“The FPC recognizes that absent a cross-sectoral regulatory framework, and cross-border co-operation where appropriate, there are limits to the extent to which financial regulators alone can mitigate these risks effectively,” said the report.

While the report stops short of calling out specific cloud providers, all three of the major public cloud firms – Amazon Web Services (AWS), Microsoft and Google – are known to have a firm footing in the financial services sector.

Also, all three organisations are known to have made a concerted effort in recent years to court financial services companies through the roll-out of industry-specific offerings and support teams with skills and experience of working with firms in the sector.

And even without the Covid-19 pandemic as a backdrop, the willingness of financial services firms to use cloud has increased markedly over the past decade, with regulators, including the FCA, issuing guidance advising firms within its scope on how to move to cloud in a safe and secure way.

Simon Hull, head of financial services at technology consultancy BJSS, said it is right for the FPC to be concerned about the dominant hold a few very large cloud firms have on the sector.

“One of the drivers for cloud migration is to improve operational resiliency of individual firms and the ecosystem in general, but if there are problems with the underlying infrastructure itself, this could impact thousands of systems at once,” he said.

“Financial service firms themselves understand this and are taking steps to both ensure resiliency and avoid supplier lock-in by introducing different arrangements such as hybrid private/public cloud and using more than one CSP in a multi-cloud strategy.”

At the same time, most cloud service providers rely on multiple data centre availability zones to ensure resiliency, he added.

“While this should give some comfort, the desire to better understand and manage this risk is natural, however the innovation enabled by cloud technology must also not be unduly stifled. Given its global nature and evolving state, this will require collaboration across regulatory bodies and industry participants,” Hull concluded.

Lees ook:

Nederland digi-vaardigst, België gemiddeld

Nergens in Europa zijn relatief meer inwoners bedreven in het gebruik van internet, computers en software dan in Nederland en Finland. Beide landen voeren de ranglijst aan van digitale vaardigheden. België scoort gemiddeld. Dit blijkt uit onderzoek door het Centraal Bureau voor de Statistiek (CBS) en Eurostat.

Security-specialist loopt verhoogd risico op burn-out

Het merendeel van securityprofessionals zegt harder te werken dan ooit, en het werk desalniettemin niet af te krijgen. Ook kan het werk stressvol zijn. Tegelijkertijd biedt cybersecurity een prachtig loopbaanperspectief.

Rekenkamer signaleert risico’s bij algoritmes

De Algemene Rekenkamer heeft een toetsingskader ontwikkeld om algoritmes te beoordelen. Het orgaan baseert zich op een studie naar negen algoritmes die bij de overheid in gebruik zijn; slechts drie voldeden aan alle aspecten. Staatssecretaris Digitalisering Van Huffelen gebruikt de bevindingen om digitale voorschriften te verbeteren.

Helft bedrijven vertrouwt op oude securitystrategie

Uit een studie van het Ponemon Institute uit de Verenigde Staten blijkt dat een aanzienlijk deel van de bedrijven nog steeds beveiligingsprocessen en -beleid van vóór de coronapandemie gebruikt, waardoor hun veiligheid in gevaar komt.

Two-thirds of UK organisations defrauded since start of pandemic

Nearly two out of three UK companies say they have experienced some form of fraud or economic crime in the past two years, according to a report

Is de Franse reparatie-index een jaar later zijn beloftes nagekomen?

De Franse reparatie-index is op 1 januari 2021 in werking getreden. Een wereldprimeur, het is van toepassing op 5 productcategorieën: smartphones, laptops, wasmachines, tv's en grasmaaiers.

Wilt u deze bijdrage aanbevelen? Dat kan via:

Klaar voor de beste oplossing voor uw IT & ICT-situatie?

Ik heb mijn wachtwoord gewijzigd in “onjuist.” Dus wanneer ik vergeet wat het is, zal de computer zeggen: “Uw wachtwoord is onjuist.”