The Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) are consulting on proposals to oversee and strengthen the resilience of services provided by critical third parties (CTPs) to UK regulated financial services firms and financial market infrastructure entities.
The proposals set out in the consultation paper follow Parliament’s adoption of the Financial Services and Markets Act 2023, which gave HM Treasury power to designate certain third-party service providers to UK firms and infrastructure entities as CTPs, and regulators power to make rules for, and oversee, designated CTPs.
The UK regulators acknowledge that CTPs provide benefits, including greater operational resilience and innovation, but note that if they are disrupted or fail, there are potential risks to financial stability that are beyond the ability of any individual firm to manage and require an appropriate but proportionate level of direct regulatory oversight.
“Third-party service providers often play a vital role in the delivery of important services by banks and insurers. These arrangements bring benefits, but also potential risks,” says Sam Woods, deputy governor of prudential regulation and CEO at the PRA. “We are consulting on proposals to implement new powers given to us by Parliament to manage these risks for those providers who could present risks to financial stability in an effective and proportionate way.”
Nikhil Rathi, chief executive at the FCA adds: “These proposals will improve the resilience of the critical third-party services that financial firms and their customers depend on, support market integrity and enhance UK competitiveness and growth.”
Proposals in the CP include: a set of fundamental rules that would apply to all the services CTPs provide to UK firms and FMIs; more granular operational risk and resilience requirements to apply only to CTPs’ material services to firms and FMIs; requirements for CTPs to provide certain information and assurance to the regulators, including submitting an annual self-assessment, and conducting regular testing of their ability to provide material services in severe but plausible disruption; requirements for CTPs to notify the regulators, the firms and FMIs they provide services to of specific disruptions that may adversely impact the services provided. CTPs will not be authorised or overseen in their entirety by the regulators, but the third-party services they provide will be overseen against these proposals once they are finalised.
Feedback to the CP is open until 15 March 2024. Subject to feedback, the regulators propose to publish final requirements and expectations for CTPs in the second half of 2024.
Subscribe to our newsletter