The Bank of England (BoE) has been granted sweeping new powers to regulate major tech firms, including Amazon Web Services, Google Cloud, Oracle, and Microsoft, from next Monday. These four companies have been deemed 'critical third parties' due to their indispensable role in supporting day-to-day banking operations for millions of UK customers and businesses.
The BoE, alongside the Financial Conduct Authority (FCA), will now directly oversee the UK operations of these tech giants, requiring them to demonstrate robust cyber defences and actively mitigate potential risks. This includes rigorous stress testing to prove their ability to respond effectively in emergency scenarios and reporting major incidents, such as cyber-attacks or power outages, to both regulators.
This move comes amidst growing reliance on online technologies within the financial sector and a corresponding decline in physical banking infrastructure. Past incidents have highlighted vulnerabilities, with glitches in global tech services causing significant disruption to UK banking customers – for instance, a 2023 Amazon cloud computing services glitch in Northern Virginia affected over 2,000 companies, including Lloyds Banking Group.
A recent Treasury Committee report revealed that major British banks and building societies experienced the equivalent of more than a month's worth of IT failures between 2023 and 2025. The regulated companies have welcomed the announcement, stating their support for enhancing the UK financial sector's resilience. Meg Hillier, Chair of the Treasury Committee, also suggested extending regulatory oversight to AI firms as they increasingly play a role in financial services.
This increased oversight is expected to bolster consumer confidence in digital banking services and reduce the economic impact of potential outages. For UK businesses reliant on cloud services for their financial transactions and data, this could mean greater stability and reduced risk of operational disruption – although this move has no direct impact on the FTSE 100.
Regulated companies will be required to undergo regular stress testing and report any major incidents, including cyber-attacks or power outages. This includes Amazon's cloud computing services glitch in Northern Virginia, which affected over 2,000 companies, including Lloyds Banking Group, resulting in significant disruption to UK banking customers.