UK financial regulators to assume direct oversight of critical technology suppliers

British banking regulators have proposed further checks on financial firms' reliance on third party technology companies.

The Bank of England, Prudential Regulation Authority and Financial Conduct Authority are consulting on proposals to oversee and strengthen the resilience of services provided by critical third parties (CTPs) to UK regulated financial services firms and financial market infrastructure entities (FMIs).

The regulators fear that disruptions at third party sites could have a destabilising effect on the ability of banks to service the wider economy.

The new proposals would give regulators the power to assume direct oversight of third party firms' technology and cyber resilience, as well as of their supply chain risk, change and incident management. The rules would give regulators the right to perform on-site inspections and would apply principally to Big Tech cloud providers such as IBM, Google, Microsoft and Amazon.

"Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact UK financial stability if they were to fail or be disrupted," says BoE Deputy Governor Sarah Breeden. "We are consulting today on proposals to implement new powers given to us by Parliament to manage these risks for those providers who could present risks to financial stability, in an effective and proportionate way."

The consultation on the proposals is open to feedback until 15 March, with final rules to be published in H2 2024.

Comments: (1)

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune, 08 December, 2023, 10:36

This has already been happening with US regulators for decades. In my old (IT) company, all the ODCs we ran for banks and FIs used to undergo annual / biannual audits by OCC and other BFS industry regulators.