U.K. Brings Four Cloud Providers Under Financial Regulatory Oversight
The U.K. government has designated Amazon Web Services (AWS), Google Cloud, Microsoft, and Oracle as Critical Third Parties (CTPs), placing their financial sector services under the oversight of the Bank of England, the Prudential Regulation Authority, and the Financial Conduct Authority.
The move is intended to strengthen the resilience of the U.K. financial system as banks, insurers, and financial market infrastructure firms become increasingly dependent on cloud computing services. Regulators will assess the providers’ ability to identify, manage, and recover from operational disruptions that could affect financial services. The oversight applies only to services provided to the financial sector and does not extend to the companies’ broader operations. Financial institutions will continue to remain responsible for managing risks associated with third-party service providers.
The government said additional cloud providers could be designated as Critical Third Parties in the future under a rolling framework. The regulatory powers stem from the Financial Services and Markets Act 2023, which enables direct oversight of designated service providers.




