According to Financial Times News, City minister Lucy Rigby told MPs that big tech groups will start being supervised by UK financial regulators by next year under new “critical third party” powers. The Treasury gained authority in January to designate companies providing essential services to UK financial firms for direct oversight by the Bank of England and Financial Conduct Authority. This follows last month’s Amazon Web Services outage that disrupted Lloyds Banking Group, London Stock Exchange Group, and HMRC services. Rigby confirmed regulators are already monitoring “all operational instances very, very carefully” and that at least one company would be designated under the new rules within a year. The top three providers—Amazon, Google and Microsoft—control 73% of cloud computing services to UK financial companies according to a Bank of England survey.
What Took So Long?
Here’s the thing—MPs are absolutely right to be frustrated. The Treasury has had these powers since January, and we’ve already seen major outages that affected real people trying to access their banking services. Liberal Democrat MP Bobby Dean put it bluntly during the Treasury committee hearing: “When we see some of the big failures in recent weeks it makes us feel slow and not quick enough to respond to these developments in technology.” He’s not wrong. These cloud providers have become so essential that when they hiccup, the entire financial system feels it.
What Actually Changes?
Once designated, these tech giants will face the same kind of scrutiny that banks themselves deal with. We’re talking annual self-assessments, regular stress testing for severe disruptions, and the ability for regulators to impose conditions or even public censure. Basically, the Financial Conduct Authority and Bank of England get to look under the hood and say “prove you won’t break when we need you most.”
But let’s be real—this isn’t just about preventing outages. There’s a bigger picture here about concentration risk. When three companies control nearly three-quarters of the market, any failure becomes systemic. The regulators are waking up to the fact that financial stability now depends as much on data centers in Virginia as it does on trading floors in London.
The Real Challenge
So why has this taken so long? Treasury deputy director James Fairburn mentioned it could take about six months to decide which companies to designate once regulators identify them. That timeline feels… generous. Especially when you consider that everyone already knows who the major players are.
I think the real issue is that this represents a fundamental shift in how we think about regulation. For decades, financial oversight stopped at the bank’s firewall. Now regulators are realizing they need to understand cloud architecture, AI models, and data center redundancy. That’s not exactly traditional central banking expertise.
The question isn’t whether Amazon and Microsoft should be regulated—it’s whether our regulators are equipped to understand what they’re looking at. Because let’s face it, telling a cloud provider to “stress test their systems” means something very different than telling a bank to stress test its loan portfolio.
