A idiosyncratic walks past the Bank of England successful the City of London fiscal district, successful London, Britain connected June 11, 2021. (Henry Nicholls/Reuters)
LONDON—New rules volition beryllium needed to woody with operational risks from banks relying connected outsourced ‘cloud’ computing from Amazon, Google, Microsoft, and others for providing services to customers, the Bank of England said connected Friday.
“Regulated firms volition proceed to person superior work for managing risks stemming from their outsourcing and third-party dependencies,” the BoE’s Financial Policy Committee said successful a statement.
“However, further argumentation measures, immoderate requiring legislative change, are apt to beryllium needed to mitigate the fiscal stableness risks stemming from attraction successful the proviso of immoderate third-party services.”
Measures should see an quality to designate immoderate 3rd parties arsenic ‘critical’, meaning they would beryllium required to conscionable ‘resilience’ standards which would beryllium regularly tested.
The BoE and the Financial Conduct Authority are owed to people a treatment insubstantial connected the taxable adjacent year, it said. The measures are akin to those successful a European Union instrumentality present making its mode done the support process.
“These tests and assemblage exercises of captious 3rd parties could perchance beryllium carried retired successful collaboration with overseas fiscal regulators and different applicable UK authorities,” the BoE said.
The BoE had already sounded a enactment of caution astir the unreality and is present checking banks for their “exit strategy”, oregon however rapidly they could power to an alternate unreality supplier oregon in-house backmost up if determination is simply a unreality outage to debar disruption to customers, consultants KPMG said.
This has already led to banks reasoning harder astir the concern lawsuit for the unreality successful immoderate services, and whether it would get the greenish airy from regulators.
“Trying to replicate this work connected premises oregon a antithetic unreality really doubles your cost,” said Mark Corns, a manager for exertion consulting astatine KPMG.
Banks who moved aboriginal into the unreality are having to “retrofit” resilience requirements, Corns said.
“What we are seeing is simply a overmuch much tentative attack to what goes into the cloud. Now we’ve got this clearer guidance from the regulators, what it’s doing is challenging the banks to fig retired what and however they summation the benefit,” Corns said.
By Huw Jones