Banks warned that cloud usage could present "systemic" risk to financial system

Banks warned that cloud usage could present "systemic" risk to financial system | Corporate Risk & Insurance

Banks warned that cloud usage could present "systemic" risk to financial system

Banks’ increasing use of cloud computing for core services could present a risk to the entire financial system, particularly if institutions rely on a handful of dominant suppliers, a major regulator has warned.

In recent years, the benefits offered by cloud computing have attracted the interest of the financial services industry, with the adoption of cloud computing growing at a fast pace, a new report from the European Banking Authority (EBA) says.

But while cloud computing offers a number of advantages, there are several key risks, according to the EBA’s report on the prudential risks and opportunities arising for institutions from fintech.

“A potential migration to the cloud could increase ICT change risk, in the event of reliance on complex legacy infrastructure, and other potential issues related to the multi-tenant environment of public cloud, as well as the jurisdictional location of data,” the report said.

“ICT outsourcing risk could be also considered important, not only from the point of view of individual institutions but also at an industry or systemic level, as large suppliers of cloud services could become a single point of failure should many institutions rely on them.

“Additionally, a possible impact on the wider operational risk could arise from issues with data security, systems and banking secrecy, especially when cloud services are hosted in jurisdictions subject to different laws and regulations from the institution.”

At the global level, the risk of concentration on a limited number of cloud service providers (CSPs) could be elevated if a significant number of institutions use the same CSP’s infrastructure, the report went on to say.

The use of subcontractors from a high-risk area or country could also negatively affect the wider operational risk and reputational risk of the institution.

 

Related stories:
Hunting down keys to unlock networks invaded by ransomware
Zurich: Public sector organizations lack risk awareness, do it anyway