Banks and other financial institutions could be forced to cut ties with cloud providers and other technology suppliers under a draft European Union regulation that aims to limit cybersecurity risks to the sector.
National regulators in EU countries could require banks to stop using external technology services if their providers fail to fix cybersecurity problems identified in government inspections. The bill goes beyond existing European legislation mandating cybersecurity rules for the finance sector by requiring technology suppliers to also undergo regulatory scrutiny.
Under the proposed rules, authorities can recommend cybersecurity changes to technology providers, which must respond within 30 days on whether they plan to follow the recommendations. Regulators would then monitor whether financial firms have taken those risks into consideration, and can require them to suspend or stop using a company’s services.
“It could be a massive, massive headache,” said Richard Parlour, chief executive of law firm Financial Markets