Business

Britain places Microsoft, Google, Amazon and Oracle under financial oversight

Britain will put Microsoft, Google, Amazon Web Services and Oracle under direct financial oversight as regulators move to police cloud concentration risk.

Sarah Chen··2 min read
Published
Listen to this article0:00 min
Britain places Microsoft, Google, Amazon and Oracle under financial oversight
Source: aol.com

Britain moved to bring four of the biggest cloud infrastructure providers under direct financial oversight, a sign that the plumbing of finance now runs through a small number of U.S. technology firms. The Bank of England, the Prudential Regulation Authority and the Financial Conduct Authority will begin overseeing the first Critical Third Parties on Monday, 13 July 2026, after HM Treasury designated Amazon Web Services EMEA SARL, Google Cloud EMEA Limited, Microsoft Ireland Operations Ltd and Oracle Corporation UK Limited.

The new regime gives regulators formal powers over companies whose services support banking, payments and investment activity across the UK financial sector. The Bank of England said the framework is a proportionate regime focused on the resilience of critical services, and that its purpose is to reduce the risk that disruption at one major supplier spreads across multiple firms or markets. That concern is central to the concentration problem: banks may diversify their own balance sheets, but many still rely on the same cloud providers for storage, processing, resilience and day-to-day operations.

AI-generated illustration
AI-generated illustration

The oversight does not replace existing outsourcing and operational-resilience rules for regulated firms. Banks, payment firms and investment houses remain responsible for their own third-party risk management and contingency planning, even as the new regime brings the cloud companies themselves into the supervisory perimeter. The Bank defines operational resilience as the ability to prevent, adapt to, respond to, recover from and learn from disruptions, and says the main threats include cyberattacks, IT system outages and third-party supplier failure.

That concern has sharpened after a run of disruptive incidents. In a 2024 paper, the Bank pointed to the July 2024 global IT outage caused by a flawed CrowdStrike update, a July 2024 Swift outage that disrupted wholesale payments in the UK and elsewhere, and cyberattacks on ICBC Financial Services and ION in 2023 as examples of shocks that can move through financial markets quickly. The legal basis for the new oversight sits in the Financial Services and Markets Act 2023, which created powers over critical third parties.

Officials have left the door open to more designations on a rolling basis, suggesting this is the start of a wider regulatory shift rather than a one-off intervention. For cloud giants long treated as technology vendors, the move recasts them as systemic infrastructure operators whose failures could now be judged by the same standard that applies to other essential utilities.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in Business