UK Regulators Set Out Critical Third-Party Approach

July 25, 2022
The Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) have indicated what measures they will take to oversee and strengthen the resilience of services provided by critical third parties to the UK financial sector.

Critical third parties are providers to regulated financial services firms that could affect financial stability and cause harm to consumers if they fail or are disrupted.

In the FCA's recent perimeter report, the regulator admitted that in certain scenarios it was powerless to protect against the harm caused by unregulated third parties.

“In an increasingly digital world, financial businesses are more dependent on a small number of third-party providers. That can bring significant benefits, but also comes with resilience risk,” said Nikhil Rathi, chief executive of the FCA.

Rathi said that the supervisory authorities want an open discussion about how to use the new powers parliament is enabling to oversee the services these third parties provide to the financial sector and reduce the risk of major disruption.

“Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact the financial stability of the UK if they were to fail or experience disruption,” commented Jon Cunliffe, the Bank of England’s deputy governor.

The discussion paper, open to comments until December 23, sets out potential measures for how the supervisory authorities could use their proposed powers.

This includes a framework for identifying potential critical third parties, which would inform the supervisory authorities’ recommendations for formal designation by HM Treasury.

The regulators also suggest minimum resilience standards, which would apply to the services that designated critical third parties provide to firms and financial market infrastructure.

In addition, the supervisory authorities want a framework that uses a range of tools to test the resilience of material services that third-party entities provide to firms.

These tools include scenario testing, participation in sector-wide exercises, cyber resilience testing and skilled persons reviews of critical third parties.

“This is a hugely significant step in the regulators’ ongoing focus on operational resilience. The biggest risk to global financial stability is not another bank failing, but one of the tech giants failing. In that instance, it could be lights out,” said Bradley Rice, partner at Ashurst.

“Regulators do not currently supervise these entities or have any oversight or powers over them. These measures will change that,”

Rice noted that this should be considered to be the UK’s version of the EU’s Digital Operational Resilience Act — otherwise known as DORA — which has recently been passed. The new measures are also unlikely to lighten the burden on regulated firms.

“The regulators make that clear, but it does add to the regulators’ arsenal and should be a helpful factor when considering the resilience of firms.”

Better coordination

The regulators' new discussion paper comes after the government included legislative proposals in the Financial Services and Markets Bill, which is currently before parliament, to grant the supervisory authorities powers to directly oversee the resilience of services that third parties provide to the UK financial sector.

“The potential measures examined in this discussion paper provide an initial, but important, step for the Bank of England to manage these systemic risks, in coordination with the FCA,” said Cunliffe.

Cunliffe added that the discussion paper also includes suggestions to improve coordination between the Bank of England, PRA and FCA, international financial regulators and UK non-financial regulators.

“This is key given the cross-border and cross-sectoral nature of many critical third parties and the services they provide.”

The suggestions are relatively light touch, as these measures would complement, not replace, firms’ existing responsibilities to manage risks from contracts with third parties.

The supervisory authorities would only oversee the systemic risks arising from the services critical third parties provide to firms.
