Increasing reliance on cloud computing services represents a growing systemic risk that may require regulatory action, according to a new paper from the European Securities and Markets Authority (ESMA).
The paper details the growing dependence of financial institutions on cloud service providers (CSPs) and its impact on systemic risk.
Utilizing cloud services can increase resilience for an individual firm, the paper said, yet with the high concentration of CSPs, “a single CSP outage could generate simultaneous firm-level outages, posing systemic risk,” it warned.
For cloud outsourcing to reduce overall systemic risk, “CSPs need to be significantly more resilient than firms,” the paper said.
Alternatively, it suggested that deploying an independent backup cloud service would significantly mitigate systemic risk — but this may have to be mandated by regulators.
“Backup requirements may need to be imposed by policy-makers however, as the systemic risk is an externality to individual firms,” the paper concluded.
“Given the ubiquity of CSPs and continuing migration to use of their services — a trend accelerated by the Covid-19 pandemic — it is crucial for policy-makers and market participants to assess benefits and risks of outsourcing to CSPs,” it said.