UK (Parliament Politics Magazine) – From 1 January, the Bank of England and the FCA will regulate tech firms providing critical services to British banks, focusing on protecting financial stability.
This comes after growing concerns that cyber-attacks and outages from major firms like Google and Amazon could threaten the nation’s financial security.
Starting from 1 January, the BoE and FCA will have the power to oversee companies that are essential to the everyday operations of the expanding digital banking and funding system.
As reported by The Guardian, the regulation will cover companies offering cloud services, artificial intelligence, and fraud-detecting programs.
It is believed that by adding more rules, including reporting major problems and preparing for emergencies, banking shutdowns can be prevented.
As part of their continued efforts, regulators are compiling a list of critical companies for regulations. The major firms like Amazon Web Services, serving clients like HSBC, Starling Bank, Nationwide, and Monzo, are expected to be included.
Google could come under regulatory scrutiny as it provides services to major companies like Revolut, NatWest, GoCardless, and Atom Bank. Microsoft, which also serves many of the same clients, counts Investec, Virgin Money, and Standard Chartered as its customers.
Ministers are expected to sign off on the final list by June, which will be the first instance of major tech firms’ web services being regulated by the city.
Labour ministers may find it difficult to decide which firms should be regulated, as they are trying to bring more investment to Britain, especially from major US tech companies.
In a recent statement, Chancellor Rachel welcomed Amazon Web Services’ £8bn investment in building data centres in the UK. The tech companies expect to create up to 14,000 jobs in Amazon and local businesses, as well as add £14bn to the UK’s GDP from 2024 to 2028.
Under the new regulatory framework, tech companies and their suppliers will be required to pass stress evaluations planned to examine their response to simulated crises that could risk their systems. It is also mandatory to notify the Bank of England and the FCA about significant events like cyber-attacks, power failures, and natural incidents.
Recently, the FCA stated,
“Financial firms and financial market infrastructures, such as payment systems, have become increasingly reliant on the services of a small number of third-party providers, known as critical third parties.”
It continued,
“While these third parties can enhance competitiveness for the sector, disruption or failure to one of them – such as a cyber-attack or power outage – could affect a large number of consumers and firms, and threaten the stability of the UK financial system.”
Since 2018, the Bank of England has been closely observing third-party providers such as cloud services to protect the maintain the UK’s financial infrastructure.
Andrew Bailey, the Bank of England’s governor, in 2021 highlighted concerns about the increasing dependence on cloud services, urging for better assurance of their reliability.
While commenting on the regulation plan, a spokesperson of the Treasury said,
“We are working with the FCA, PRA [Prudential Regulation Authority] and Bank of England to regulate systemically critical third-party suppliers that support the UK financial sector. We will decide which companies will be regulated in 2025.”