Register today to access recent news and articles.

UK regulators bring Amazon, Google, Microsoft and Oracle under direct resilience oversight

The Bank of England, Prudential Regulation Authority and Financial Conduct Authority will begin direct oversight of four major technology providers whose services underpin large parts of the UK financial system.

HM Treasury has designated Amazon Web Services EMEA, Google Cloud EMEA, Microsoft Ireland Operations and Oracle Corporation UK as the first Critical Third Parties under the UK’s new operational resilience regime.

The oversight will begin on 13 July and will focus on the resilience of services supplied to banks, insurers, financial market infrastructures and other regulated firms.

The designation reflects growing concern about concentration within financial services technology. Banks and other institutions increasingly rely on a small number of cloud and infrastructure providers for data storage, payments, digital banking, treasury systems, customer onboarding and transaction processing.

A disruption affecting one large provider could therefore spread across multiple institutions and markets at the same time.

The new regime allows the Bank of England, PRA and FCA to assess the system-wide risks created by those dependencies. Designated providers will be expected to identify risks to critical services, maintain effective controls and communicate promptly with regulators and financial institutions during major incidents.

Sarah Breeden, Deputy Governor for Financial Stability at the Bank of England, said critical third parties can introduce new forms of systemic risk as they become more deeply embedded in financial institutions.

The framework does not replace the responsibilities of individual banks and financial firms. Regulated institutions will remain responsible for due diligence, contingency planning and management of their own outsourcing arrangements.

For transaction banking, trade finance and working capital providers, resilience is particularly important because these businesses depend on continuous access to payments infrastructure, client portals, compliance systems and transaction data.

The regime marks a significant change in financial regulation. Supervisors are no longer looking only at the resilience of regulated institutions themselves, but also at the technology companies on which much of modern banking now depends.

To top
BCR Publishing
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.