Cloud service providers Microsoft, Google, Amazon, and Oracle have been classified by Britain as critical third-party suppliers to the financial sector, subject to direct regulatory monitoring.
By lowering the possibility of widespread disruption from cyberattacks or system breakdowns, the action aims to increase the resilience of financial organizations.
“As banks, insurers, and financial market infrastructures become increasingly reliant on cloud services, disruption at a major supplier could affect multiple firms at the same time, potentially impacting services customers depend on,” the government stated in a statement on Friday.
With effect from July 13, the government classified Oracle Corporation UK Ltd., Google Cloud EMEA Ltd., Microsoft Ireland Operations Ltd., and Amazon Web Services EMEA SARL as key third parties.
The Bank of England, the Financial Conduct Authority, and the Prudential Regulation Authority will oversee the companies collectively. They will have to record significant incidents, perform frequent self-evaluations, and go through resilience testing.
The European Union, which designated 19 technology and services companies under a similar framework in November, takes a different stance than Britain.
A spokeswoman for Google Cloud said: “With effective implementation and meaningful industry engagement, this new critical third-party framework can enhance the long-term resilience of the UK’s financial ecosystem and increase understanding, transparency, and trust between all parties.”
