Technology and other service providers whose services underpin the UK financial system will be overseen from today by UK financial regulators The Bank of England, the Prudential Regulation Authority (PRA) and the FCA.
Known as critical third parties (CTPs), the firms are relied on by financial companies and markets and their disruption or failure could impact UK financial stability, the Treasury said.
It has today announced its first designations of four global cloud services and technology providers as CTPs: Amazon Web Services EMEA SARL, Google Cloud EMEA Limited, Microsoft Ireland Operations Ltd, and Oracle Corporation UK Limited.
The three regulators will jointly oversee the CTPs under a new regime, focused on the resilience of the critical services they provide to the UK financial sector.
The regulators will work together with the CTPs to tackle system-level risks and reduce the risk of disruption to the services they provide across the UK financial system.
The Treasury said the new regime would strengthen system-wide resilience and improve coordination and information sharing across the financial sector.
CTPs must identify and manage risks to their critical services effectively, and maintain open, timely communication with regulators and the firms that rely on them, particularly during major incidents.
The new regime does not replace existing outsourcing and operational resilience rules for regulated firms who remain responsible for managing their own third-party arrangements including due diligence, risk management and contingency planning.
Sarah Breeden, deputy governor for financial stability at the Bank of England, said: “As critical third parties become increasingly embedded in the operations of financial institutions, they can introduce new forms of systemic risk. Our proportionate approach to overseeing these providers will ensure that these dependencies are managed in a way that safeguards financial stability.”
Katharine Braddick, deputy governor for prudential regulation and CEO of the PRA, said: “By bringing critical third parties into the scope of oversight, we are ensuring that the infrastructure underpinning UK financial services is robust enough to support UK financial stability and confidence.”
Nikhil Rathi, chief executive at the FCA, said: “Critical third parties provide essential services which support innovation and growth. At the same time, when the same providers serve thousands of firms, a single failure can reverberate across the financial system.
“Operationalising this regime strengthens our ability to tackle those risks and improve overall resilience, ensuring the UK remains a safe and attractive place to do business.”
The Treasury is responsible for deciding which third party providers are designated as CTPs and any future designations or de-designations. The regulators will periodically review whether CTPs continue to meet the designation criteria, making recommendations to the Treasury and evaluating the effectiveness of the oversight approach.
The Bank, PRA and FCA will continue to work closely with the Treasury, the financial services industry and designated CTPs as the regime is implemented, the regulators said.