Cloud computing: Why the Bank of England has flagged it as a threat to financial stability

Cloud computing service providers were one of the several threats pointed out by BoE in its assessment of the risks to the UK’s financial system.

The world could ride out a pandemic only because technology enabled everything, from buying and selling to conducting university classes from home. In the last couple of years, the shopping experience has been revolutionised by e-commerce companies through the use of technology. Technology is said to have been the single-biggest factor that simplified the life and nature of doing business.

But for all the boons, there are always some banes. With the growth of technology companies, data and its ownership have become crucial pain points in the privacy debate globally. These companies are founded on a minefield of citizens’ data—everything from their debt history to credit card details. And as data is now known as the new oil, technology companies have gradually become much more powerful than sovereign governments would have liked them to be.

The Bank of England has also joined in with its reservations against cloud computing. The central bank’s bi-annual Financial Stability Report flags the growth of cloud computing as something that increases systemic risks to financial stability.

What is cloud computing?

To put it in simple terms, cloud computing is using computing services, like storage, databases, analytics and intelligence, storage, and networking, through the internet to offer better innovation, economies of scale, and flexible resources.

Users are paying only for the cloud services that they use, thus helping them to reduce operating costs and manage infrastructure efficiently. Expenses of investing in software and hardware as well as operating on-site data centres are completely eliminated through cloud computing. It also enables businesses to scale elastically by delivering the right amount of IT resources from the correct geographic location.

As these on-site data centers need time-consuming IT management, like patching software and setting up hardware, storing data requires a lot of stacking and racking. These hassles are completely removed, thanks to cloud computing. This also helps IT teams to spend more time on achieving important business goals.

What are BoE’s concerns?

The BoE has expressed concerns that these service providers who provide IT support to the financial sector can act secretively, and hence regulators need to be vigilant that a few outside companies do not end up threatening the financial stability of the UK.

The central bank is now stressing the need for new regulations that would govern service providers like Amazon and Microsoft in areas such as insurance and banking. The Financial Policy Committee (FPC) said that additional policies were necessary to mitigate risks to financial stability in such sectors.

The main challenge facing the financial sector in its exposure to cloud computing is that these service providers are very few. The market is densely concentrated among a few players, and this could pose risks to financial stability.

That concentration of power can manifest in the form of opacity and secrecy in not providing the information that customers need for monitoring the risks associated with the service. The governor of BoE, Andrew Bailey, said that the regulator was aware of why cloud service providers are reluctant to publicly disclose much information about their operations due to threats of cyber-attacks, but the service providers would have to disclose more to customers and regulators, and a balance has to be struck on the extent of disclosures, Bailey had said.

Since the beginning of last year, financial institutions have expedited their plans to use cloud service providers. Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have recently been able to strengthen operational resilience as well as third-party risk management.

To mitigate the third-party risks arising from greater reliance on cloud computing companies, more engagement is necessary between the various regulators like FCA, HM Treasury, and the BoE on ways to tackle these challenges. A cross-sectoral regulatory framework at the moment is absent, and that has been recognised by the central bank. FCA has also pointed out that in the absence of co-operation across borders wherever required, financial regulators alone cannot singlehandedly mitigate these risks.

Leverage ratio framework review

Leverage requirements, which include the scope of the regime, are an essential component of the capital requirements frameworks for the banking system. In the light of new international standards, FCA has held a comprehensive review of the leverage ratio framework. Several proposals for changes have come up for consulting, which the FCA is ready to take up and review its policy.

The PRA has also laid down ways for implementing these changes, and the FPC is holding consultations on the roadmap and welcomed PRA’s approach to make the required changes.

Cloud computing service providers were one of the several threats pointed out by BoE in its assessment of the risks to the UK’s financial system. It also highlighted that price of certain assets appears elevated compared to their historical levels. This partly reflects a better economic outlook but could also depict the need for yield in an environment of low interest rate and higher risk appetite.

Other risks and way ahead

Another technology-related area that has been highlighted by the BoE as having risk-taking potential is the rise of cryptocurrencies as well as the interest seen around SPACs or special acquisitions companies.

While cryptocurrencies are unlikely to pose any threat to financial stability as they are owned mainly by retail investors, the rising interest shown by institutions could change that in the near future. Despite risks to the financial system, the central bank was doing away with the COVID-era restraints imposed on banks, which prevented them from paying dividends.

Technology companies are being rounded up worldwide for antitrust issues. There are growing concerns that these few companies are disrupting the market and killing competition. The vast amount of data that these companies hold also pose geopolitical threats to sovereign countries.

The latest concerns raised by the Bank of England in its bi-annual Financial Stability Report echo similar concerns. It is not just the sovereignty of countries that are at risk, but also their financial security. Failure to reign in these technology companies through a robust regulatory framework would massively disrupt not just UK, but other countries as well. To safeguard the interests of customers and financial companies, cross-border co-operation is extremely crucial in framing regulations.



Kunal Sawhney
Kunal Sawhney is founder & CEO at Kalkine.