Cloud computing providers to the financial sector can be "secretive", and regulators need to act to avoid banks' reliance on a handful of outside firms becoming a threat to financial stability, the Bank of England said on Tuesday.
(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
Banks and other financial firms are outsourcing key services to cloud computing companies such as Amazon, Microsoft and Google to improve efficiency and cut costs, with the trend accelerating last year as the COVID-19 pandemic unfolded.
The BoE said cloud computing could sometimes be more reliable than banks hosting all their servers themselves. But big providers could dictate terms and conditions - as well as prices - to key financial firms.
"That concentrated power on terms can manifest itself in the form of secrecy, opacity, not providing customers with the sort of information they need to monitor the risk in the service," BoE Governor Andrew Bailey told a news conference. "We have seen some of that going on."
Also Read | Does 5G have potential to be a harmonising technology layer?
Bailey did not name specific firms he had concerns about.
Earlier the BoE's Financial Policy Committee said additional policy measures were needed to mitigate financial stability risks in cloud computing.
"In terms of the standards of resilience and the testing of those standards of resilience, frankly we will have to roll some of that back, that secrecy that goes with it. It's not consistent with our objectives," Bailey said.
Bailey said the BoE understood cloud providers' desire not to reveal too much publicly about their operations, in case it opened the door to cyberattacks, but that the firms needed to give more information to regulators and customers.
"We have got to strike a balance here," Bailey said.
The BoE said it welcomed the engagement of the finance ministry and Financial Conduct Authority on how to tackle risks from cloud computing, but that a broader approach may be needed, including other regulators and overseas partners.
