UK financial regulators have confirmed new rules to strengthen the resilience of technology and other third parties providing essential services to financial firms.
Financial institutions and market infrastructures increasingly depend on a small group of these third-party providers, known as critical third parties. While they help enhance competition, any disruption to their services—such as a cyber-attack or power outage—could impact many consumers and firms, threatening the stability of the UK financial system.
Regulators Set Third-Party Guidelines
In 2023, the government gave regulators new powers to oversee the resilience of services provided by these third parties. These powers aim to mitigate risks that could affect financial stability.
Today, the Financial Conduct Authority, Bank of England, and Prudential Regulation Authority outlined how they plan to use these new powers. They consulted widely with the industry to shape the rules, which align closely with international standards, such as the EU’s Digital Operational Resilience Act.
🇬🇧 HM Treasury | UK Financial Regulators Enhance Oversight of Critical Third Party Functions
— RegFlow Hub (@RegFlowHub) November 12, 2024
• Policy paper outlines coordination among Bank of England, FCA, and PRA in monitoring third party functions. • Amendments to the Financial Services and Markets Act 2000 address risks…
Financial Firms Retain Responsibility
According to the regulators, once implemented, the new rules will improve the resilience of services provided by critical third parties. It will also strengthen the overall stability of the UK financial sector. The government will decide which third parties fall under the new regime, based on advice from regulators.
The new rules do not lessen the responsibility of financial firms and financial market infrastructures (FMIs) to ensure their own resilience and to manage third-party risks, in line with existing outsourcing and operational resilience regulations. Regulators have opened the process for continued industry engagement as the framework is implemented.