Fed Examined Amazon's Cloud in New Scrutiny for Tech -- Update
August 01 2019 - 6:49PM
Dow Jones News
By Liz Hoffman, Dana Mattioli and Ryan Tracy
The Federal Reserve conducted a formal examination this spring
of an Amazon.com Inc. facility in Virginia, the first of what is
expected to be ongoing oversight of giant cloud providers that have
become repositories of sensitive banking information, people
familiar with the matter said.
Around the same time, prosecutors allege, a 33-year-old hacker
in Seattle stole Capital One Financial Corp. data from Amazon's
cloud storage.
The federal examiners who visited Amazon in April are the same
ones who regulate Capital One. It doesn't appear they were aware of
the giant hack. A person familiar with the matter said the Fed was
told last week, a few days before Paige A. Thompson was charged
with stealing personal information of more than 100 million Capital
One card customers and applicants.
The examiners were greeted warily at the Amazon offices.
Chaperoned by an Amazon employee, they were allowed to review
certain documents on Amazon laptops, but not allowed to take
anything with them, some of the people said.
The examination points to a culture clash between government and
big tech, which has been far less regulated than the financial
sector. Antitrust investigations are under way into whether Amazon,
Facebook Inc. and other tech companies have used their size and
influence to stifle competition.
The examination, headed up by the Federal Reserve's Richmond
branch, also brings to the fore the question of where banks end and
where the vendors that power them begin.
The examiners in Virginia were focused on Amazon's resiliency
and backup systems, some of the people said, describing the visit
as the first of what is expected to be ongoing oversight of the
tech giant.
Technology companies such as Amazon are now a crucial player in
the U.S. banking system, whether they want to be or not.
They run the databases that hold customer credit scores and
social-security numbers. They analyze risk for banks' traders and
process payments. Cloud computing has made possible services that
customers now take for granted, like mobile access to their bank
accounts and split-second decisions on their efforts to buy and
sell securities.
Amazon is the biggest player, controlling nearly half of the
public cloud market in 2018, according to Gartner. Amazon Web
Services came out of a 2003 brainstorming session about ways to use
the company's extra data centers. It now contributes three-quarters
of the company's overall profits, helping to support its low-margin
retail business.
Goldman Sachs Group Inc., Nasdaq Inc. and payments company
Stripe Inc. all use Amazon. A competing cloud service from
Microsoft Corp. counts JPMorgan Chase & Co. and TD Bank among
its clients. Google, a smaller player, is also courting banks.
Most big banks use all three to some extent. Some, like Capital
One, have closed their proprietary data centers and moved much of
their digital footprint to the cloud, which makes Amazon and its
competitors crucial to day-to-day banking.
But Washington hasn't figured out yet how to regulate them.
Established bank vendors such as FiServ Inc. have been subject to
inquiries from financial regulators for years because they provide
the core software that runs banks' deposit and loan platforms.
Regulators have only limited power over nonbanks, and typically
rely on banks to vet their own vendors. A U.S. Treasury report last
year found that bank regulations hadn't "sufficiently modernized to
accommodate cloud and other innovative technologies."
Part of that modernization will require reckoning with a
cultural chasm between Silicon Valley's entrepreneurs and
Washington officials: After the meeting in Virginia, the Feds
sought more documents and information from Amazon, people familiar
with the matter said.
The company balked, demanding to first see details about how its
data would be stored and used, and who would have access and for
how long, some of the people said.
Tech giants have fought new oversight. When the government
weighed new cybersecurity standards in 2017, Amazon lobbied against
them. Cloud companies, it argued, simply sell a system and turn
over the job of running and securing it to their clients.
"Imposing additional cybersecurity requirements...could
unnecessarily lead to redundancy and increases in compliance costs,
while potentially leaving systemically important financial
institutions less secure," Amazon wrote to regulators in 2017. The
proposal was eventually dropped.
--Emily Glazer and Telis Demos contributed to this article.
Write to Liz Hoffman at liz.hoffman@wsj.com, Dana Mattioli at
dana.mattioli@wsj.com and Ryan Tracy at ryan.tracy@wsj.com
(END) Dow Jones Newswires
August 01, 2019 19:34 ET (23:34 GMT)
Copyright (c) 2019 Dow Jones & Company, Inc.
Capital One Financial (NYSE:COF)
Historical Stock Chart
From Jun 2024 to Jul 2024
Capital One Financial (NYSE:COF)
Historical Stock Chart
From Jul 2023 to Jul 2024