By 
British banking regulators, including the Bank of England, Prudential Regulation Authority, and Financial Conduct Authority, have put forth proposals for increased scrutiny of financial firms’ reliance on third-party technology providers.
In an effort to reinforce the resilience of services offered by critical third parties (CTPs) to UK-regulated financial services firms and financial market infrastructure entities (FMIs), the regulators are seeking expanded oversight. Concerns arise from potential disruptions at third-party sites, which could have destabilizing effects on banks’ ability to serve the broader economy.
The proposed measures grant regulators the authority to directly oversee the technology and cyber resilience of third-party firms, along with assessing supply chain risk, change management, and incident management. These rules are primarily targeted at major technology cloud providers, including IBM, Google, Microsoft, and Amazon.
Sarah Breeden, Deputy Governor of the Bank of England, states, “Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact UK financial stability if they were to fail or be disrupted. We are consulting today on proposals to implement new powers given to us by Parliament to manage these risks for those providers who could present risks to financial stability, in an effective and proportionate way.”
The consultation on these proposals is open for feedback until March 15, with final rules expected to be published in the second half of 2024.
Comments