New rules needed to cover cloud computing risks, Bank of England says
LONDON, Oct. 8 (Reuters) – New rules will be needed to address the operational risks of banks relying on outsourced cloud computing from Amazon (AMZN.O), Google (GOOGL.O), Microsoft ( MSFT.O) and others to provide services to clients, the Bank of England said on Friday.
“Regulated companies will continue to have primary responsibility for managing the risks arising from their outsourcing and dependencies on third parties,” the BoE’s financial policy committee said in a statement.
“However, additional policy measures, some of which require legislative changes, are likely to be needed to mitigate the risks to financial stability resulting from the concentration in the provision of certain third-party services.”
The measures should include the possibility of designating third parties as “critical”, meaning that they would be required to meet “resilience” standards which would be regularly tested.
The BoE and the Financial Conduct Authority are expected to issue a discussion paper on the subject next year, he said. The measures are similar to those of a pending European Union law.
“These critical third-party industry tests and exercises could potentially be carried out in conjunction with foreign financial regulators and other relevant UK authorities,” the BoE said.
The BoE had previously issued a warning about the cloud and is now checking with banks their “exit strategy”, or how quickly they could switch to another cloud provider or internal backup in the event of a failure. cloud to avoid disruption. to clients, said KPMG consultants. Read more
This has already led banks to think more about the business case for cloud in certain services and whether it would get the green light from regulators.
“Trying to replicate this service on-premises or in another cloud actually doubles your cost,” said Mark Corns, director of technology consulting at KPMG.
Banks that moved early to the cloud need to “renovate” the requirements for resilience, Corns said.
“What we’re seeing is a much more hesitant approach to what’s going on in the cloud. Now that we have these clearer guidance from regulators, what it does is challenge banks to determine what they get from it and how they benefit from it, ”he added. noted.
Reporting by Huw Jones, editing by Louise Heavens
Our Standards: Thomson Reuters Trust Principles.