About us Search

Critical about clouds

by Matthias Plötz 17 April 2023

As part of the Financial Services and Markets Bill, the UK has proposed a regime to regulate critical third-party service providers (CTPs), which could shift the negotiating power in favour of GPs but gives rise to concerns about fragmentation.

“The existing framework represents the regulator’s increasing attention on firms’ operational resilience since the global financial crisis and some high-profile banking outages,” comments Clive Cunningham, a partner in Herbert Smith Freehills’ financial services regulatory practice. “The new special regime for CTPs reflects a growing concern about particular risks arising from the financial services industry’s increasing dependency on cloud and IT infrastructure services providers.”

The market for cloud services is consolidated, with Statista reporting that Amazon holds 34% of the market, Microsoft’s Azure 21% and Google Cloud 11%. Together, the three hold 66% and lead by a landslide – the next largest player after Google is Alibaba with 5%.

When shopping around for a provider, large-cap firms may experience equitable contract negotiations due to a levelled playing field, and even use multiple providers at the same time so as to not put all their eggs in one basket. It can be a different experience for mid-size firms or those at the lower end of the market. Hyperscalers may allow some wiggle room around free consultancy, access to customer engineers, training and certifications; they are unlikely to be flexible on their pricing.

This stronghold allows cloud services providers to push their standard terms and conditions, leaving their counterparties with little room to make their own demands.

However, under the Bill’s current wording, obligations are imposed on the service provider alone, which could shift the current landscape, comments Cunningham: “There is a real possibility this new regime will rebalance the whole relationship between fund managers and their cloud/IT services providers. Currently, it’s the regulated firm doing the asking – for data, access and other contractual rights to meet its regulatory obligations. In future, CTPs will probably need more rights in return, so that they are plugged into how their services create systemic risks for the financial services sector and the solutions to mitigate those. The one-sided imposition of standard contract terms could be a thing of the past.”

His colleague Nick Pantlin, partner and head of TMT and digital for the UK and Europe at Herbert Smith Freehills, adds: “In addition to recalibrating the legal Ts and Cs under which they engage with their customers, service providers will also need to consider how the new requirements will affect their customer offerings from an operational and commercial perspective. This will no doubt be an opportunity for some service providers and could potentially create a two-tier market.”

Looks like rain
The UK is not the only country considering a regime to regulate CTPs, as the EU has already published a regulation on operational resilience for the financial sector, as well as an amending directive, in the form of the Digital Operational Resilience Act (DORA).

Crucially, DORA imposes obligations on both service providers and their clients but has a narrow definition of service providers compared to the UK. Further, the EU requires service providers to have substance within the union, whereas under the current wording the UK will not demand presence. This is contrary to the commonality of regulation requiring locality and raises additional questions on how sharp the teeth of the UK’s new regime will be.

1 June 2023

What the AI?! Canoe Intelligence

Our new AI series kicks off by exploring the burning questions with Aman Soni, VP of data strategy at Canoe Intelligence

30 May 2023

The conversation: Are you prepared? Liquidity strategies in a turbulent market

The Drawdown hosted a webinar to discuss how managers can respond to liquidity and risk management challenges that have been thrown into sharp focus in recent weeks

31 May 2023

Answering the right questions

GPs and LPs agree qualitative ESG reporting is a crucial competitive advantage but disagree on reporting requirements, says PwC

31 May 2023

Apex launches fundraising services

Offering combines rebranded platform with series of events

30 May 2023

Gottschalg Analytics powers up

Company aims to provide performance intelligence services via proprietary algorithms

26 May 2023

Former Sanne execs set up new fund admin business

Ex-Sanne senior leaders have launched Palmer Street, with £8m backing from Marwyn Value Investors