Bank of England proposes new rules to curb reliance on big tech

Overreliance 'could impact UK financial stability if they were to fail or be disrupted'

The Bank of England proposes new rules to curb reliance on big tech

Image:
The Bank of England proposes new rules to curb reliance on big tech

The Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) have issued a consultation proposing new rules to regulate the finance sector's reliance on "critical third parties", or CTPs

The BoE proposes introducing a framework to designate certain tech firms that provide vital services to financial institutions as CTPs.

CTPs would be subject to regulatory requirements to enhance the robustness of the services they provide. These include minimum resilience standards, testing requirements and incident notification obligations.

There would also be a periodic review of designated CTPs and the services they provide to ensure they continue to warrant enhanced oversight.

This consultation reflects longstanding concerns from the BoE's Financial Policy Committee, which has been monitoring the potential systemic risks posed by CTPs for several years.

In 2018, it noted that "the market is at present highly concentrated among a few cloud service providers, therefore disruption at one provider — for example due to cyber attack — could interfere with the provision of vital services by several firms."

In 2021, the BoE introduced regulations for important banking and financial services industries (FSIs) around "stressed exits". FSIs must be able to demonstrate the ability to "substitute the service provider" or bring the outsourced service back in-house.

Deputy governor Sarah Breeden said on Thursday, "Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact UK financial stability if they were to fail or be disrupted."

The BoE says the proposed measures aim to reduce the likelihood and impact of such disruptions on the financial stability of the UK.

Similar regulations are being formulated in the US and Europe.

The dominance of the big providers is coming under scrutiny elsewhere too, with Ofcom recommending a competition inquiry into two cloud companies, Microsoft and Amazon.

Roberto Cingolani, CEO of Italian aerospace giant Leonardo, recently called for state-controlled cloud services in Europe, saying: "A safe country needs a government cloud, at least for financial, health and defence data."