Proposals set out for resilience of FS CTPs

The Bank of England, Prudential Regulation Authority and Financial Conduct Authority have set out a series of potential measures designed to strengthen the resilience of services provided by critical third parties to the UK financial sector.

As the Bank of England’s Financial Policy Committee highlighted in 2021, financial stability could be affected by disruption at a small number of third-party service providers. In response, the Government included legislative proposals in the Financial Services and Markets Bill, currently before Parliament, to grant the supervisory authorities’ powers to directly oversee the resilience of services that critical third parties provide to the UK financial sector.

The discussion paper sets out potential measures for how the supervisory authorities could use their proposed powers, which include:

-a critical third parties framework for identifying potential, which would inform the supervisory authorities’ recommendations for formal designation by HM Treasury.
-minimum resilience standards, which would apply to the services that designated critical third parties provide to firms and FMIs.
-a framework for testing the resilience of material services that critical third parties provide to firms and FMIs using a range of tools, including but not limited to scenario testing, participation in sector-wide exercises, cyber resilience testing, and skilled persons reviews of critical third parties.

These measures would complement, rather than replace, existing responsibilities to manage risks from contracts with third parties. The supervisory authorities would only oversee the systemic risks arising from the services critical third parties provide to firms and FMIs.

Jon Cunliffe, deputy governor for financial stability said: “Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact the financial stability of the UK if they were to fail or experience disruption. The potential measures examined in this DP provide an initial, but important step for the Bank of England to manage these systemic risks (in coordination with the FCA). The DP also includes suggestions to improve coordination between the Bank/PRA and FCA, international financial regulators, and UK non-financial regulators, which is key given the cross-border and cross-sectoral nature of many critical third parties and the services they provide.”

Nikhil Rathi, chief executive of the FCA added: “In an increasingly digital world, financial businesses are more dependent on a small number of third-party providers. That can bring significant benefits, but also comes with resilience risk. We want an open discussion about how we should use new powers Parliament is giving us to oversee the services these third parties provide to the financial sector and reduce the risk of major disruption, which could cause harm to consumers and markets.”

The operational resilience discussion paper may be accessed here:

Comments are open until 23rd December 2022.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.