In a landmark development for the United Kingdom’s financial sector, city regulators are set to begin overseeing technology firms that provide critical services to banks starting January 1, 2025. The Bank of England and Financial Conduct Authority (FCA) will gain new powers to regulate companies that have become instrumental to the day-to-day operations of an increasingly digital banking and payments landscape.
The regulatory expansion comes amid mounting concerns that cyber-attacks or operational disruptions at major tech providers like Google or Amazon could pose significant risks to the UK’s financial stability. By bringing these firms under their purview, the Bank of England and FCA aim to bolster the resilience of the banking system and prevent potential blackouts.
Identifying Critical Third Parties
As part of the new regulatory framework, the Bank of England and FCA are currently compiling a list of companies deemed crucial to the functioning of the UK’s financial sector. This list is likely to include tech giants such as:
- Amazon Web Services, which counts major banks like HSBC, Starling Bank, Nationwide, and Monzo among its clients
- Google, serving companies such as Revolut, NatWest, GoCardless, and Atom Bank
- Microsoft, with clients including Investec, Virgin Money, and Standard Chartered
The final list of regulated firms is expected to receive ministerial approval by June 2025, marking the first time that the web services arms of big tech companies will fall under the supervision of city regulators.
Balancing Regulation and Investment
Determining which companies should be regulated is likely to be a delicate matter for Labour ministers, who are actively seeking to attract investment into the UK, particularly from large US tech firms. The government recently celebrated an £8 billion investment by Amazon Web Services to build data centers in the country, with the promise of creating up to 14,000 jobs and contributing £14 billion to the UK’s GDP from 2024 to 2028.
New Regulatory Measures
Once under the supervision of the FCA and Bank of England, tech firms and other critical suppliers will be subject to several new regulatory measures, including:
- Stress tests to assess their response to simulated emergency scenarios that put their operations under severe strain
- Mandatory reporting of major incidents such as cyber-attacks, power outages, and the impacts of natural disasters
- Coordinated emergency planning to ensure the continuity of essential services in the face of disruptions
The FCA has emphasized the growing reliance of financial firms and market infrastructures on a small number of third-party providers, noting that disruptions or failures at these companies could affect a large number of consumers and firms, potentially threatening the stability of the entire UK financial system.
Ongoing Monitoring and Collaboration
The Bank of England has been closely monitoring these critical third parties and began tracking cloud providers as early as 2018. In 2021, the bank’s governor, Andrew Bailey, expressed concerns about the increasing integration of cloud service providers into the financial system, stressing the need for greater assurance regarding their resilience.
The Treasury, in a statement, reaffirmed the government’s commitment to growth and investment, emphasizing that the new regulatory powers will be exercised in a manner that supports businesses to invest and grow in the UK. The regulators will work closely with the Treasury to finalize the list of companies to be regulated by 2025.
As the UK’s financial sector becomes increasingly reliant on technology, the new regulatory measures aim to strike a balance between fostering innovation and safeguarding the stability of the banking system. By bringing critical tech firms under the oversight of city regulators, the UK seeks to enhance its resilience against potential disruptions while maintaining its position as an attractive destination for investment in the digital age.
