LONDON (Reuters) - The Bank of England and Britain’s Financial Conduct Authority on Thursday proposed rules to regulate the heavy reliance of financial firms on external technology companies for critical operations.
Banks, insurers, investment firms and market infrastructure use ‘critical third parties’ or external firms such as Microsoft, Google, IBM and Amazon for cloud computing and other services to improve efficiency.
Regulators worry that a glitch at one cloud company could potentially bring down services across many financial firms.
The finance ministry has yet to designate which third parties will face the eight requirements proposed on Thursday to monitor and manage these risks.
The minimum resilience standards require a third party to identify all services it provides to a financial firm, assess risks to its services and implement appropriate controls, undertake regular testing and have a mechanism for handling failures.
The standards aim to prevent or minimise disruption if an external service provider were to go down.
“Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact UK financial stability if they were to fail or be disrupted,” BoE Deputy Governor Sarah Breeden said.
The BoE had already begun requesting annual updates on the resilience of third parties to cyber attacks, and monitoring cloud computing providers given the “increasing reliance” of the financial sector on a small number of them.
The regulators said their proposals are designed to be “interoperable” with similar rules being introduced in the United States and European Union.
(Reporting by David Milliken and Huw Jones, Editing by Kylie MacLellan and Christina Fincher)