The UK government has designated Microsoft, Alphabet, Amazon and Oracle as Critical Third Parties, placing the cloud services they supply to the financial sector under joint oversight by three regulators. The move targets the risk that one provider’s failure could disrupt many financial institutions at once.
The UK government named Microsoft, Alphabet, Amazon and Oracle as Critical Third Parties to the country’s financial system on Friday, subjecting the cloud services they sell to banks and other firms to direct regulatory oversight. Shares moved little on the news: MSFT rose 0.4% and ORCL climbed 1%, while GOOG and AMZN each edged 0.2% lower.
Three regulators to oversee cloud services
The framework covers Microsoft Ireland Operations, Google Cloud EMEA, Amazon Web Services EMEA and Oracle Corporation UK. The Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority will jointly supervise the critical services these companies provide to the financial sector, aiming to reduce the risk of widespread disruption if a major cloud provider hits operational problems. That oversight applies only to the financial sector, not to the firms’ broader businesses.
Under the rules, the designated companies must maintain strong systems to identify, manage and recover from disruptions that hit services used by financial institutions. Regulators can also gather information, assess operational resilience and, when necessary, introduce or enforce CTP-specific rules to keep critical services running.
According to Rachel Blake, Economic Secretary to the Treasury: “These designations will help ensure the critical services financial firms rely on remain resilient…”
A response to concentrated cloud reliance
The Critical Third Parties designation was established under the UK’s Financial Services and Markets Act 2023 to improve operational resilience, after concern grew that outages at major cloud providers could hit multiple financial institutions at the same time. It builds on the Bank of England’s 2021 assessment that the sector’s growing reliance on a small number of cloud providers warranted stronger oversight.
A CloudGuard Financial Services Threat Report published earlier this year found that the UK financial sector accounted for about 28% of all cyberattacks in the country, a record high. The report highlighted growing threats from ransomware, nation-state hackers and AI-powered scams, alongside a sharp rise in credential theft.
For traders, the designation adds a regulatory dimension to some of the most widely traded stocks, though its reach stops at the firms’ financial-sector services.
Source: Stocktwits (via TradingView)
Trading involves risk.