On 9 December 2019, the Financial Stability Board (FSB) published two reports on financial stability implications of BigTech in finance and third party dependencies in cloud services. The two reports come as BigTech firms – large companies with established technology platforms – play an increasingly prominent role in the financial system and have begun to provide financial services themselves. Furthermore, financial institutions are increasingly making use of third-party cloud services providers. The two reports add to the ongoing debate on better regulating such services while keeping in mind cybersecurity issues which could threaten financial stability.
In its report on BigTech firms, the FSB writes that a number of BigTech firms have grown their businesses rapidly over the last decade. Some of these large firms have grown to be of comparable or even of a larger size than some financial institutions. On their operations, there is a difference between BigTech’s activities in advanced economies, where BigTechs tend to focus on payment services and activities complementing those of existing financial institutions, and emerging economies, where BigTechs are more prone to provide classic financial services such as lending, asset management and insurance. The FSB considers that BigTechs provide certain benefits to the financial services sector through their potential for innovation, diversification and efficiency within the sector, and have the potential to improve financial inclusion as well as access to finance for SMEs. Yet, the FSB feels that BigTechs may also pose a risk to financial stability. This includes risks stemming from leverage, maturity transformation and liquidity mismatches, as well as from operational risks that could arise as a result of shortcomings in governance, risk and process controls. Especially in countries where BigTechs are significant providers of financial services financial stability risks are high. Other risk sources considered by the FSB include the scale and complexity of linkages between BigTech and financial institutions through which propagation of risk could be channelled. All these risks raise a number of issues for policymakers. Although many of the activities of BigTechs are regulated through general financial services legislation, the question should be asked whether additional, tailor-made regulation is required. Furthermore, the FSB states that regulators and supervisors might also consider whether the increasing interlinkages between BigTechs and financial institutions might affect the viability of their business models.
The second report, on third party dependencies in cloud services, also assesses considerations on financial stability. The FSB writes that while cloud services may present a number of benefits over previously used technology for storing data, operational incidents at third-party service providers may affect the operations of financial institutions and result in data breaches. Furthermore, by using a third party cloud provider, supervisors may find it more difficult to assess whether the third party is acting in line with relevant laws and regulations as contractual limitations on the rights of access, audit and information for financial institutions and supervisors may restrict their ability to access critical data if necessary. Furthermore, potential concentration in third-party service provision could be harmful to financial stability in the event of a large-scale operational failure. The FSB recommends to standard-setting bodies to assess the adequacy of regulatory standards and supervisory practices for outsourcing arrangements, the ability to coordinate and cooperate and share information among supervisors when considering cloud services used by financial institutions, and the current standardisation efforts to ensure interoperability and data portability in cloud environments.