New rules will be needed to deal with operational risks from banks relying on outsourced ‘cloud’ computing from Amazon, Google, Microsoft etc., The Bank of England said that, this is for providing services to customers. The BoE’s Financial Policy Committee said in a statement that the regulated firms will continue to have primary responsibility for managing risks stemming from their outsourcing and third-party dependencies.
Anyway, the committee added that the additional policy measures, some requiring legislative change, are likely to be needed to mitigate the financial stability risks. Those measures should include an ability to designate some third parties as critical. The BoE and the Financial Conduct Authority are due to publish a discussion paper on this subject next year. These measures are similar to those in a European Union law.
The BoE stated that, these tests and sector exercises of critical third parties could potentially be carried out in collaboration with overseas financial regulators and other relevant UK authorities. The BoE had already sounded a note of caution about the cloud. It is now checking banks for their exit strategy. And also, their quick switch to an alternative cloud provider or in-house back up. This has already led to banks thinking harder about the business case. Mark Corns, a director for technology consulting at KPMG said that, trying to replicate this service on premises or a different cloud actually doubles the cost. Corns added that the Banks who moved early into the cloud are having to retrofit resilience requirements.
He also added that what they are seeing is a much more tentative approach to what goes into the cloud. Now they have got this clearer guidance from the regulators, what it is doing is challenging the banks to figure out what and how they gain the benefit.