Connect with us

Technology

New rules needed to cover risks from cloud computing, says Bank of England

New rules needed to cover risks from cloud computing, says Bank of England 1

By Huw Jones

LONDON (Reuters) – New rules will be needed to deal with operational risks from banks relying on outsourced ‘cloud’ computing from Amazon, Google, Microsoft and others for providing services to customers, the Bank of England said on Friday.

“Regulated firms will continue to have primary responsibility for managing risks stemming from their outsourcing and third-party dependencies,” the BoE’s Financial Policy Committee said in a statement.

“However, additional policy measures, some requiring legislative change, are likely to be needed to mitigate the financial stability risks stemming from concentration in the provision of some third-party services.”

Measures should include an ability to designate some third parties as ‘critical’, meaning they would be required to meet ‘resilience’ standards which would be regularly tested.

The BoE and the Financial Conduct Authority are due to publish a discussion paper on the subject next year, it said. The measures are similar to those in a European Union law now making its way through the approval process.

“These tests and sector exercises of critical third parties could potentially be carried out in collaboration with overseas financial regulators and other relevant UK authorities,” the BoE said.

The BoE had already sounded a note of caution about the cloud and is now checking banks for their “exit strategy”, or how quickly they could switch to an alternative cloud provider or in-house back up if there is a cloud outage to avoid disruption to customers, consultants KPMG said.

This has already led to banks thinking harder about the business case for the cloud in some services, and whether it would get the green light from regulators.

“Trying to replicate this service on premises or a different cloud actually doubles your cost,” said Mark Corns, a director for technology consulting at KPMG.

Banks who moved early into the cloud are having to “retrofit” resilience requirements, Corns said.

“What we are seeing is a much more tentative approach to what goes into the cloud. Now we’ve got this clearer guidance from the regulators, what it’s doing is challenging the banks to figure out what and how they gain the benefit,” Corns said.

(Reporting by Huw Jones, Editing by Louise Heavens)

Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2022
2022 Awards now open. Click Here to Nominate

Recommended

Newsletters with Secrets & Analysis. Subscribe Now