.png)
2 hours ago
4
The City watchdog has said the UK needs to “strengthen” its grip on foreign tech firms providing critical services to banks, amid growing concerns over outages and cyber-attacks.
Sarah Pritchard, who was appointed the Financial Conduct Authority’s (FCA) first deputy chief executive this summer, said there had been “very frequent reminders” of how important it was for the banking sector to have “good, strong operational resilience and cyber controls”.
“It remains an area that everybody should pay attention to because of the consequences if it goes wrong,” Pritchard said.
Last month, Lloyds Banking Group and the London Stock Exchange were among more than 2,000 companies whose online services were disrupted by a glitch at Amazon’s cloud computing services operations in North Virginia.
The episode sparked renewed warnings over the perils of relying on a small number of foreign companies for operating services across the internet, including crucial government and financial services.
However, the UK government has come under fire for failing to designate any company such as Google or Amazon as a “critical third party” to the UK’s financial services sector – which would expose the tech firm to financial regulatory oversight. That is despite having rolled out those powers nearly a year ago.
When asked whether the lack of designations was worrying for the regulator as it tried to ensure resilience of the financial sector, Pritchard said: “We would like to see the system strengthen. And we stand ready to supervise jointly with the PRA [Prudential Regulation Authority] and the Bank of England when there is a designation that’s made.”
At the start of 2025, the Bank of England and the FCA were handed powers to regulate companies that were becoming a crucial part of the day-to-day operations of the increasingly digital banking and payments sector, and whose outages could put financial stability at risk. That includes firms offering services such as artificial intelligence and automated programmes that can help detect fraud.
It was hoped that extra oversight, which would involve compulsory reporting of major incidents and coordinated planning for emergencies, would help to avert banking blackouts. However, nearly a year on, the Treasury has failed to name any individual tech firm under the new regime.
The banking sector has been grappling with a growing number of outages, which have become more acute for customers pushed increasingly towards online banking rather than in-branch services.
after newsletter promotion
The Treasury select committee said earlier this year that customers at Britain’s major banks and building societies suffered the equivalent of more than a month’s-worth of IT failures in the last two years.
“I do think financial services has really strengthened its framework … But I think no one should rest on our laurels,” Pritchard said.
