ICAEW.com works better with JavaScript enabled.

Outages and the future of systemic risk

Author: ICAEW Insights

Published: 19 Aug 2024

The Microsoft Azure outage showed the far-reaching consequences of a single point of failure in cloud infrastructure. For the financial services sector, it highlights the need for a comprehensive approach to managing systemic risk.

Last month’s massive outage at Microsoft’s Azure cloud service sent shockwaves globally and throughout the financial sector.

The outage, which lasted several hours, resulted in the paralysis of many banking services, disrupting online transactions and blocking access to essential financial services. Customers reported problems with online banking, mobile app services, cash machines and card payments. Some banks also faced in-branch service disruptions and phone line issues due to the global IT outage. 

More than just delays in processing transactions, data inaccessibility and potential financial losses, these issues undermined customer trust. Had the outage extended into days and weeks rather than hours, the big question is could it have posed a threat to market stability?

Advantages versus hidden perils?

With financial institutions increasingly dependent on cloud services for data storage, processing and core operations, it prompts the question: are they opening themselves up to significant new risks? 

Cloud services offer remarkable benefits relative to the days when institutions stored information on local servers, not least scalability, cost efficiency and high performance. But the recent outage has prompted many people to ask whether these advantages come with hidden perils. 

Of course, the risks associated with single points of failure extend beyond cloud services. Whether it’s critical artificial intelligence services, cyber-security or front office systems – any essential function where there is a reliance on a limited number of key providers creates vulnerabilities, with potential ripple effects that could impact the entire financial ecosystem.

For example, if a dominant cyber security provider fails to protect against a significant breach, the fallout could be severe, leading to data theft, regulatory fines and loss of customer confidence. 

Understanding systemic risk in today’s interconnected world requires a broader view of the network of relationships among businesses, financial institutions and technology, and a grasp of how disruptions in one area might propagate through the entire system. 

Mitigating systemic risks

A holistic view that considers both specific vulnerabilities and the broader web of connections is essential for effectively managing and mitigating systemic risks. This perspective helps to identify potential points of failure and develop strategies to address them before they lead to widespread disruptions.

The risk presented by a growing reliance on third parties prompted the Prudential Regulatory Authority to propose a new UK regulatory framework aimed at managing critical third-party risk providers to the financial sector. 

The proposed regulations seek to enhance operational resilience by setting rigorous standards for critical services. This framework includes improved risk management practices, regular testing of systems and increased supervisory oversight. The goal is to ensure that financial institutions and their third-party providers are better prepared to handle potential disruptions and maintain operational stability.

However, the effectiveness of these proposed measures remains a topic of debate. Are these steps sufficient to address the complexities of modern digital operations? The evolving nature of technology and the increasing interdependence of financial institutions and service providers suggest that a more dynamic and adaptive regulatory approach may be necessary. 

Regulatory scrutiny

As tech giants like Amazon, Google and Microsoft continue to deepen their involvement in financial services, there is growing debate about whether they should face the same level of regulatory scrutiny as traditional banks. These companies and the technologies they provide are already integral to various aspects of financial operations, from cloud computing to payment systems and beyond. 

While we are likely to be a long way off from seeing this substantial shift, if they are subjected to similar regulations as banks, they would need to hold minimum levels of regulatory capital and liquidity. This shift could have significant implications for their operations and strategic decision-making.

If tech giants faced a scenario where bank-like regulation became inevitable due to their systemic importance to the financial system, this could encourage further expansion into financial services such as savings and lending. Their technological capabilities and vast data resources mean they are well-positioned to offer financial products and services. For example, they could leverage data analytics to develop new lending models or create more personalised financial products.

Competition and consumer choice

Any expansion would intensify competition within the financial sector, challenging the existing dominance of incumbent banks. The evolving regulatory landscape and the growing influence of Big Tech in finance will shape the future of the industry, with significant implications for both competition and consumer choice.

Looking forward

The risks associated with single points of failure in cloud services and other critical areas highlight the need for a comprehensive approach to managing systemic risk. Financial institutions, regulators and technology providers must work together to navigate these challenges and build a more resilient and secure financial ecosystem.

As financial institutions increasingly rely on a few dominant providers for essential functions, understanding and addressing these vulnerabilities is crucial for maintaining market stability and protecting customer interests.

Further resources

ICAEW Faculty
Find out more about the Financial Services Faculty
Financial Services

Gain sector-specific technical support and expert opinions to keep you up to date in a fast-changing environment. Choose from either Banking, Insurance, or Investment Management.

ICAEW Community
Boardroom
Corporate Governance

Stay up to date with the latest news and developments in corporate governance, to help you in your role as a board member, NED or corporate governance professional. Membership is free and open to everyone

ICAEW support
A person holding  a tablet device displaying various graphs
Training and events

Browse upcoming and on-demand ICAEW events and webinars focused on making the most of the latest technologies.

Events and webinars A-Z of CPD courses
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250