The Bank of England (BoE) has warned about the financial sector's increasing reliance on "secretive" cloud service providers that operate online servers.
In its latest survey on the state of financial systems, the BoE expressed concerns that the UK's banks are moving more and more of their administration and accounts online, warning that this "could pose a risk to financial stability".
The BoE has previously raised concerns that the market for cloud services is highly concentrated, with companies such as Microsoft and Amazon Web Services (AWS) heavily dominating. Ministers have also previously questioned the government's own reliance on those two tech giants.
However, the organisation's concerns have been repeated due to the pandemic, which has seen financial institutions accelerate digital transformation plans and increase their reliance on cloud service providers (CSPs).
In a news conference, BoE Governor Andrew Bailey expressed his concerns about the "secretive" nature of these CSPs, saying that while he "understood cloud providers' desire not to reveal too much publicly about their operations in case it opened the door to cyber attacks, firms needed to give more information to regulators and customers."
"That concentrated power on terms can manifest itself in the form of secrecy, opacity, not providing customers with the sort of information they need to monitor the risk in the service," he said, according to Reuters.
The secure cloud configuration imperative
The central role of cloud security posture management
The Prudential Regulation Authority and Financial Conduct Authority have recently strengthened regulations regarding operational resilience and third-party risk management, according to the BoE, but the increasing reliance on a small number of CSPs could increase financial stability risks without greater direct regulatory oversight of the resilience of those provider's services.
"The Financial Policy Committee (FPC) is of the view that additional policy measures to mitigate financial stability risks in this area are needed, and welcomes the engagement between the Bank, FCA and HM Treasury on how to tackle these risks," the Bank of England said in its report.
"The FPC recognises that absent a cross-sectoral regulatory framework, and cross-border co-operation where appropriate, there are limits to the extent to which financial regulators alone can mitigate these risks effectively."
