Bank of England, PRA, and FCA Collaborate on Strengthening Oversight of Critical Third Parties in Financial Services


In a joint effort to enhance the resilience of the UK's financial sector, the Bank of England (BoE), Prudential Regulation Authority (PRA), and Financial Conduct Authority (FCA) have unveiled proposals to oversee critical third parties (CTPs) providing services to regulated financial services firms and financial market infrastructure entities.

CTPs play a pivotal role in delivering essential services to banks, insurers, and financial market infrastructure firms, contributing to operational resilience and fostering innovation. However, the potential risks posed by disruptions or failures of these third-party providers could impact UK financial stability. Recognizing the systemic nature of these risks, the regulators are introducing measures for direct regulatory oversight while maintaining the distinct responsibilities of individual firms and entities in managing operational resilience and third-party risk.

Key Aspects of the Proposals:

  1. Identification of Potential CTPs: The regulators may identify potential CTPs and recommend them for designation to HM Treasury (HMT). Designation would subject these entities to enhanced regulatory scrutiny.
  2. Fundamental Rules for CTPs: A set of fundamental rules applicable to all services provided by CTPs to UK firms and financial market infrastructure entities. These rules will serve as a general statement of obligations under the proposed regime.
  3. Granular Operational Risk and Resilience Requirements: More detailed operational risk and resilience requirements, focusing on CTPs' material services to firms and entities. These requirements cover areas such as technology and cyber resilience, supply chain risk, change management, and incident response.
  4. Information and Assurance Requirements: CTPs will be obligated to provide specific information and assurance to regulators, including an annual self-assessment and scenario testing to assess their ability to deliver services during severe disruptions.
  5. Notification of Disruptions: CTPs must promptly notify regulators, as well as the firms and entities they serve, of specific disruptions that could adversely impact the services provided.

The collaborative approach by the regulatory authorities underscores the importance of mitigating risks associated with third-party service providers to ensure the stability and competitiveness of the UK's financial sector.
