Supervisory authorities set out potential measures to protect resilience among critical third parties

A discussion paper released by the Bank of England, Prudential Regulation Authority and the Financial Conduct Authority looks to combat financial stability concerns related to third-party service providers.

The Bank of England, Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) have set out potential measures to strengthen the resilience of services provided by critical third parties (CTPs) to the UK financial sector.

Regulated financial services firms and financial market infrastructure firms (FMIs) are provided with services by CTPs that have the ability to affect financial stability and cause harm to consumers if they fail or are disrupted. The discussion paper, published collectively by the supervisory authorities, aims to reduce this risk.

The use of third parties for well managed outsourcing and other arrangements can provide firms and FMIs with benefits such as improvements in efficiency, lower costs, scalability, enhanced innovation and improved operational resilience. The Bank of England’s financial policy committee (FPC) noted however that financial stability could be affected by disruption at a small number of third-party service providers upon which firms and FMIs rely.

The Government responded to these concerns by including legislative proposals in the Financial Services and Markets Bill, which is currently before Parliament, to provide supervisory authorities with the ability to oversee the resilience of services that CTPs provide to the UK financial sector – particularly data and cloud services providers, along with some intermediaries.  

The discussion paper released by the supervisory authorities this week sets out potential measures for how they could use their proposed powers, including a framework for identifying potential CTPs; minimum resilience standards which would apply to the services that designated CTPs provide; and a framework for testing the resilience of material services that CTPs provide to firm and FMIs.

Firms and FMIs’ existing responsibilities to manage risks from contracts with third parties will not be replaced by these measures but will instead complement them. The supervisory authorities stated that they would only oversee the systemic risks arising from the services CTPs provide to firms and FMIs.

Comments on the discussion paper are open until 23 December this year and subject to the outcome of Parliamentary debates on the Financial Services and Market Bill, as well as responses to the discussion paper, the supervisory authorities intend to consult on their proposed requirements and expectations for CTPs next year.

“Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact the financial stability of the UK if they were to fail or experience disruption,” said Jon Cunliffe, deputy governor for financial stability.

“The potential measures examined in this DP provide an initial, but important step for the Bank of England to manage these systemic risks (in coordination with the FCA). The DP also includes suggestions to improve coordination between the Bank/PRA and FCA, international financial regulators, and UK non-financial regulators, which is key given the cross-border and cross-sectoral nature of many CTPs and the services they provide.”

Nikhil Rathi, chief executive of the FCA added: “In an increasingly digital world, financial businesses are more dependent on a small number of third-party providers. That can bring significant benefits, but also comes with resilience risk. We want an open discussion about how we should use new powers Parliament is giving us to oversee the services these third parties provide to the financial sector and reduce the risk of major disruption, which could cause harm to consumers and markets.”