Proposed legislation will give Britain's financial regulator powers to visit data centers hosting cloud computing companies like Amazon Web Services, Google Cloud, and Microsoft Azure.
HM Treasury released a policy paper proposing a new regulatory framework that would provide the Bank of England (BoE) and the Financial Conduct Authority (FCA) with new powers to visit and regulate the cloud sector.
The Treasury said that the powers were necessary due to the increasing dependence of the banking sector on a small number of cloud providers. More than 65 percent of UK banking and insurance firms used the same four cloud providers in 2020, the government warned.
Last year, the Bank of England said that "secretive" companies and contracts could become a threat to financial stability.
This concentration poses a systemic risk should there be a disruption to these services, the Treasury said, calling for new legislation to give it powers to regulate third parties it views as "critical."
Once a company is deemed as critical, the regulator will be able to demand information about its infrastructure, visit its data centers, and take formal action where necessary. What such action could entail was not disclosed.
The government now intends to pass legislation to allow for the new powers "when parliamentary time allows." The financial regulator will publish its discussion paper after the legislation is introduced, and publish a consultation paper taking in feedback from the first paper, following Royal Assent of the legislation.
Other regulators are also concerned about the concentration of the financial sector in just a few cloud companies' hands.
In 2019, the US Federal Reserve conducted a formal examination of an AWS data center in Virginia.
The examiners were concerned that an outage or security vulnerability would take out Goldman Sachs, Capital One, Nasdaq, and payments company Stripe, among others.