Managing cloud risk &#8211; some considerations for the oversight of critical cloud service providers in the financial sector

Ting Yang Koh; Jermy Prenio

Managing cloud risk – some considerations for the oversight of critical cloud service providers in the financial sector

FSI Insights | No 53 |

16 November 2023

by Ting Yang Koh and Jermy Prenio

PDF full text

(700kb)

| 26 pages

Executive Summary

Financial firms' use of the cloud, including for their critical services, has been increasing over the years and is expected to continue to do so. Once a significant level of critical services has moved to the cloud, a major operational disruption at a cloud service provider (CSP) could interrupt the delivery of these services and hence have systemic implications. This is exacerbated by the predominance of a few CSPs at the global level. However, the prevalent regulatory approach, in which individual financial firms are expected to manage their third-party risks, does not take a systemic view. This paper identifies some considerations for potential oversight frameworks for critical CSPs that take into account their potential systemic importance, as well as the cross-sectoral and cross-border nature of their operations.

JEL classification: G20, G28, O38

Keywords: cloud service provider, critical CSP

About the authors

Ting Yang Koh