Bank of England warns sector is too reliant on "secretive" cloud providers
The organisation has called for greater regulation of the services cloud providers offer financial institutions
The Bank of England (BoE) has warned about the financial sector's increasing reliance on "secretive" cloud service providers that operate online servers.
In its latest survey on the state of financial systems, the BoE expressed concerns that the UK's banks are moving more and more of their administration and accounts online, warning that this "could pose a risk to financial stability".
The BoE has previously raised concerns that the market for cloud services is highly concentrated, with companies such as Microsoft and Amazon Web Services (AWS) heavily dominating. Ministers have also previously questioned the government's own reliance on those two tech giants.
However, the organisation's concerns have been repeated due to the pandemic, which has seen financial institutions accelerate digital transformation plans and increase their reliance on cloud service providers (CSPs).
In a news conference, BoE Governor Andrew Bailey expressed his concerns about the "secretive" nature of these CSPs, saying that while he "understood cloud providers' desire not to reveal too much publicly about their operations in case it opened the door to cyber attacks, firms needed to give more information to regulators and customers."
"That concentrated power on terms can manifest itself in the form of secrecy, opacity, not providing customers with the sort of information they need to monitor the risk in the service," he said, according to Reuters.
The secure cloud configuration imperative
The central role of cloud security posture managementWatch now
The Prudential Regulation Authority and Financial Conduct Authority have recently strengthened regulations regarding operational resilience and third-party risk management, according to the BoE, but the increasing reliance on a small number of CSPs could increase financial stability risks without greater direct regulatory oversight of the resilience of those provider's services.
"The Financial Policy Committee (FPC) is of the view that additional policy measures to mitigate financial stability risks in this area are needed, and welcomes the engagement between the Bank, FCA and HM Treasury on how to tackle these risks," the Bank of England said in its report.
"The FPC recognises that absent a cross-sectoral regulatory framework, and cross-border co-operation where appropriate, there are limits to the extent to which financial regulators alone can mitigate these risks effectively."
The ultimate law enforcement agency guide to going mobile
Best practices for implementing a mobile device programFree download
The business value of Red Hat OpenShift
Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShiftFree download
Managing security and risk across the IT supply chain: A practical approach
Best practices for IT supply chain securityFree download
Digital remote monitoring and dispatch services’ impact on edge computing and data centres
Seven trends redefining remote monitoring and field service dispatch service requirementsFree download