UK financial regulators are reportedly concerned about the sector’s reliance on a subset of cloud computing providers that leaves banks vulnerable to service outages and hacks. 

The Prudential Regulation Authority (PRA) is said to be exploring ways to access more data from the likes of Amazon, Microsoft and Google, according to the Financial Times.

Amazon Web Services (AWS), Microsoft Azure and Google Cloud are often listed as the three biggest providers in the world, with each company increasingly active in the financial sector.

All three have made extensive deals with UK banks in recent years, offering services to reduce IT costs by migrating firms away from on-premise to the cloud, where they can capitalise on new technologies such as AI.  

The use of cloud computing by UK banks is covered under the PRA’s operational resilience framework, however, the use of just a few larger companies is causing concern, particularly given recent outages. 

While the PRA declined to confirm the FT‘s report, a source with knowledge of the situation told IT Pro financial regulators in the UK are now looking at ways to tackle the financial system’s increasing cloud service providers, which could see the introduction of additional policy measures, some requiring legislative change. 

The PRA is a part of the Bank of England (BoE), which has also expressed concern in this area; in July 2021, the BoE warned that UK banks moving more and more of their administration and account online “could pose a risk to financial stability”. It also argued that the market for cloud services was highly concentrated with AWS, Microsoft and Google all enjoying heavy dominance. 

Sections of the UK’s government have also questioned how much it depends on the likes of AWS. In February 2021, Conservative life peer Lord Holmes said that AWS represented “the latest iteration of the biggest player”, adding that in regards to cloud procurement, it was being allowed to “eat the largest piece of pie”.