
UK regulators set new rules to enhance resilience of service providers

Wednesday 13 November 2024 14:50 CET | News

UK financial regulators have established new rules aimed at enhancing the resilience of technology and third-party providers supporting financial firms.

 

The framework, announced by the Financial Conduct Authority (FCA), Bank of England, and Prudential Regulation Authority, targets critical third parties, a small group of external service providers that have become essential to financial firms and financial market infrastructures (FMIs) such as payment systems. According to the FCA, this limited set of third parties plays an important role in promoting efficiency and competitiveness within the financial sector, but also represents potential points of vulnerability should disruptions occur, including from cyber-attacks or outages.

In 2023, the UK government granted regulators new powers to oversee the operational resilience of these critical service providers, with the intent of reducing risks to financial stability. Today’s announcement outlines how regulators plan to implement these powers, following extensive consultations with the industry. The new rules align with international standards, such as the EU’s Digital Operational Resilience Act, reflecting global efforts to address operational resilience.

 


 

A focus on sector-wide resilience and stability 

Under the new regime, the government will determine which third-party providers are subject to these oversight requirements, based on input from financial regulators. Once designated, critical third parties will be required to: 

  • Provide regular updates and notifications to financial regulators regarding their services. 
  • Conduct resilience testing and engage in scenario-based exercises, which in some cases will involve direct collaboration with financial firms and FMIs.
  • Report significant incidents, such as cyber-attacks, natural disasters, or power outages. 

The final framework intends not only to improve the resilience of individual providers but also to enhance the stability of the UK financial sector. Despite this new oversight, financial firms and FMIs remain responsible for ensuring their own operational resilience and for managing third-party risks in line with existing rules on outsourcing and operational resilience.  

The regulatory bodies have invited ongoing industry engagement throughout the implementation period. During a consultation published in December 2023, regulators received positive feedback from over 60 industry respondents, showing wide support for the new resilience framework. The final rules and policy will come into effect on 1 January 2025.





Keywords: regulation, compliance, financial services, financial institutions
Categories: Fraud & Financial Crime
Companies: Financial Conduct Authority
Countries: United Kingdom