UK financial regulators have confirmed new rules to
strengthen the resilience of technology and other third parties providing
essential services to financial firms.
Financial institutions and market infrastructures
increasingly depend on a small group of these third-party providers, known as
critical third parties. While they help enhance competition, any disruption to
their services—such as a cyber-attack or power outage—could impact many
consumers and firms, threatening the stability of the UK financial system.
Regulators Set Third-Party Guidelines
In 2023, the government gave regulators new powers to
oversee the resilience of services provided by these third parties. These
powers aim to mitigate risks that could affect financial stability.
Today, the Financial Conduct Authority, Bank of England, and
Prudential Regulation Authority outlined how they plan to use these new powers.
They consulted widely with the industry to shape the rules, which align closely
with international standards, such as the EU’s Digital Operational Resilience
Act.
Financial Firms Retain Responsibility
According to the regulators, once implemented, the new rules
will improve the resilience of services provided by critical third parties. It will
also strengthen the overall stability of the UK financial sector. The
government will decide which third parties fall under the new regime, based on
advice from regulators.
The new rules do not lessen the responsibility of financial
firms and financial market infrastructures (FMIs) to ensure their own
resilience and to manage third-party risks, in line with existing outsourcing
and operational resilience regulations. Regulators have opened the process for
continued industry engagement as the framework is implemented.
UK financial regulators have confirmed new rules to
strengthen the resilience of technology and other third parties providing
essential services to financial firms.
Financial institutions and market infrastructures
increasingly depend on a small group of these third-party providers, known as
critical third parties. While they help enhance competition, any disruption to
their services—such as a cyber-attack or power outage—could impact many
consumers and firms, threatening the stability of the UK financial system.
Regulators Set Third-Party Guidelines
In 2023, the government gave regulators new powers to
oversee the resilience of services provided by these third parties. These
powers aim to mitigate risks that could affect financial stability.
Today, the Financial Conduct Authority, Bank of England, and
Prudential Regulation Authority outlined how they plan to use these new powers.
They consulted widely with the industry to shape the rules, which align closely
with international standards, such as the EU’s Digital Operational Resilience
Act.
Financial Firms Retain Responsibility
According to the regulators, once implemented, the new rules
will improve the resilience of services provided by critical third parties. It will
also strengthen the overall stability of the UK financial sector. The
government will decide which third parties fall under the new regime, based on
advice from regulators.
The new rules do not lessen the responsibility of financial
firms and financial market infrastructures (FMIs) to ensure their own
resilience and to manage third-party risks, in line with existing outsourcing
and operational resilience regulations. Regulators have opened the process for
continued industry engagement as the framework is implemented.
This post is originally published on FINANCEMAGNATES.