/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.

UK financial watchdogs set out new rules for overseeing critical third party tech providers

UK financial regulators have confirmed new rules to bolster the resilience of technology and other third parties providing key services to financial firms.

  7 1 comment

UK financial watchdogs set out new rules for overseeing critical third party tech providers

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The regulators have been stirred to act as financial firms increasingly rely on a small number of tech providers to keep the lights on. While these third parties can enhance competitiveness for the sector, notes the FCA, disruption or failure to one of them — such as a cyber-attack or power outage - could affect a large number of consumers and firms, and threaten the stability of the UK financial system.

Under the new regime, critical third party (CTP) technology providers will, in part, come under the ambit of the FCA and Bank of England.

As guided by the regulators, HM Treasury will be called on to designate a third party service provider as a CTP if, in its opinion, a failure in, or disruption to, the services that the third party provides to firms could threaten the stability of, or confidence in, the UK financial system.

Once designated, CTPs will not be overseen in their entirety by the regulators, but the third-party services they specifically provide to the financial services sector will be overseen.

Under the new regime, Big Tech firms will need to provide regular assurance, information and notifications to the financial regulators on their services, undertake various forms of resilience testing and scenario-based exercises, including collaborating on some with their firms and financial market infrastructures (FMIs), and report major incidents like cyber-attacks, natural disasters and power outages

The FCA emphasises that the new rules do not reduce the responsibility of financial firms and FMIs in making sure they are resilient to operational shocks and for their management of third-parties, in-line with existing outsourcing and operational resilience rules.

Sponsored New Event Report – Natural Capital Finance

Comments: (1)

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Even 15 years ago, my old company, a provider of core banking, payments, trade finance, and other banking solutions to banks in USA, was subject to biannual OCC audits - because the health and uptime of our solutions could threaten the stability of and confidence in the US financial system. 

Do these new rules in UK mean that providers of similar solutions to UK banks have not been subject to similar oversight from UK regulators so far?

[New Impact Study] Catering to a new generation though unified card programmesFinextra Promoted[New Impact Study] Catering to a new generation though unified card programmes