The boss of HSBC’s technology services arm fears sluggish financial services regulation will lead to IT bosses going to jail for cloud data breaches that are not their fault.
Speaking at Cloud Expo Europe, head of Research and Innovation for the bank Barry Childe said the financial services industry needs to take more responsibility for bringing regulators up to speed when creating standards around cloud services.
"We need to lead [the regulators] to the water so they can drink. We’ve got a role to play as much as they have. Most definitely we need some new standards around security and standards of hosting and data centres," he said.
“We need some kind of rule that allows us to take those banking licences and those controls to a third party that’s appreciated and recognised by a regulator.”
If this does not happen, banks' IT bosses could feasibly find themselves in legal hot water, according to Childe, despite not being directly responsible for the data loss.
“Right now a financial services IT professional is at risk if he outsources a service elsewhere and a leak happens. There is a risk that he would potentially go to prison. There’s no get out of jail free card because he used a third party.
“We need a code of conduct of due diligence. We need a standard to allow financial services firms to work with third parties. That’s something we as an industry need to drive and move the regulator towards,” he concluded.
Despite these concerns, Childe was keen to praise the potential for cloud computing services, and he called on cloud vendors to up their game and provide bespoke services for financial firms.
Banks are under ever-increasing threats from both accidental and deliberate data breaches. Earlier this year, 27,000 Barclays customers’ details were breached by cyber thieves.
Theresa May always the keenest cabinet voice in favour of draconian online censorship, surveillance and controls
No need to waste time on Google launch planned for 4 October
10nm processors now won't be ready until 'late-2018'
Revelation comes just four months after WannaCry struck