New rules needed to cover risks from cloud computing, says Bank of England


FILE PHOTO: A person walks past the Bank of England in the City of London financial district, in London, Britain, June 11, 2021. REUTERS/Henry Nicholls/File Photo

LONDON (Reuters) - New rules will be needed to deal with operational risks from banks relying on outsourced 'cloud' computing from Amazon, Google, Microsoft and others for providing services to customers, the Bank of England said on Friday.

"Regulated firms will continue to have primary responsibility for managing risks stemming from their outsourcing and third-party dependencies," the BoE's Financial Policy Committee said in a statement.

"However, additional policy measures, some requiring legislative change, are likely to be needed to mitigate the financial stability risks stemming from concentration in the provision of some third-party services."

Measures should include an ability to designate some third parties as 'critical', meaning they would be required to meet 'resilience' standards which would be regularly tested.

The BoE and the Financial Conduct Authority are due to publish a discussion paper on the subject next year, it said. The measures are similar to those in a European Union law now making its way through the approval process.

"These tests and sector exercises of critical third parties could potentially be carried out in collaboration with overseas financial regulators and other relevant UK authorities," the BoE said.

The BoE had already sounded a note of caution about the cloud and is now checking banks for their "exit strategy", or how quickly they could switch to an alternative cloud provider or in-house back up if there is a cloud outage to avoid disruption to customers, consultants KPMG said.

This has already led to banks thinking harder about the business case for the cloud in some services, and whether it would get the green light from regulators.

"Trying to replicate this service on premises or a different cloud actually doubles your cost," said Mark Corns, a director for technology consulting at KPMG.

Banks who moved early into the cloud are having to "retrofit" resilience requirements, Corns said.

"What we are seeing is a much more tentative approach to what goes into the cloud. Now we've got this clearer guidance from the regulators, what it's doing is challenging the banks to figure out what and how they gain the benefit," Corns said.

(Reporting by Huw Jones, Editing by Louise Heavens)

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 46
Cxense type: free
User access status: 3
Join our Telegram channel to get our Evening Alerts and breaking news highlights

   

Next In Tech News

EU draft rules for gig workers target Uber, Deliveroo, online platforms
U.S. senators announce bipartisan social media data transparency bill
Bitcoin network computing power nears pre-China-crackdown record
JPJ site crashes as motorists scramble to pay summons at 80% discount
Toshiba investors fret over lack of clarity surrounding vote on breakup plan
Tech firms say EU rules should ensure they are regulated in their bases
Hackers make some Vestas' data public after ransomware attack
Why global tech turns to Indian talent
Italy fines Amazon record $1.3 billion for abuse of market dominance
Lyft pushes back staff’s return to office until 2023 at earliest

Others Also Read


Vouchers