- Access the UK press release on AWS, Microsoft, Google finance sector watch here.
The UK government placed four of the world’s largest cloud computing companies under direct regulatory oversight by designating them as “critical third parties” to the financial sector. This first-of-its-kind measure aims to prevent a single technology outage from disrupting banks, insurers, and payment systems nationwide.
The designated firms are Microsoft Ireland Operations Ltd, Google Cloud EMEA Ltd, Amazon Web Services EMEA SARL and Oracle Corporation UK Ltd. From today, the Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) will jointly supervise the resilience of the cloud services these companies provide to UK financial firms.
Why does it matter?
British banks, insurers, and financial market infrastructure operators rely heavily on a few cloud providers for core operations. Regulators warn that this concentration creates a single point of failure. An outage or cyberattack at a major supplier could simultaneously disrupt many financial firms and their customers, rather than being limited to a single company, as with a traditional IT failure.
What changes under the new regime?
Designation does not indicate that these companies are newly authorised or endorsed by regulators, nor does it transfer legal responsibility for resilience from the banks and insurers that use their services. Financial firms remain responsible for managing their own third-party risk.
The four companies must now comply with requirements set by the Bank of England, the PRA, and the FCA regarding the identification, management, and recovery of operational incidents affecting critical UK financial services. Regulators are authorized to collect information from these providers, conduct incident-management exercises, review required self-assessments, and take disciplinary action if standards are not met.
The regime is based on the Financial Services and Markets Act 2023, which authorizes the Treasury to designate critical third parties on regulators’ recommendations. Regulators published the final framework rules in November 2024, effective from January 1, 2025. However, no company was designated until Monday. The four designations announced are the first to take effect under regulations that take effect on July 13, 2026.
The Treasury stated that additional providers may be included in the regime as regulators identify other suppliers whose services are systemically important to the financial sector. Companies already under direct oversight by the Bank, PRA, or FCA in another capacity will not be separately designated as critical third parties.
The wider context
Britain’s approach is intended to complement similar regulations, such as the European Union’s Digital Operational Resilience Act (DORA) and the US Bank Service Company Act. However, UK regulators have emphasized that alignment with…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]