/regulation & compliance

News and resources on regulation, compliance, legal and governance issues for banks and fintechs.

UK financial regulators to assume direct oversight of critical technology suppliers

British banking regulators have proposed further checks on financial firms' reliance on third party technology companies.

  9 1 comment

UK financial regulators to assume direct oversight of critical technology suppliers

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The Bank of England, Prudential Regulation Authority and Financial Conduct Authority are consulting on proposals to oversee and strengthen the resilience of services provided by critical third parties (CTPs) to UK regulated financial services firms and financial market infrastructure entities (FMIs).

The regulators fear that disruptions at third party sites could have a destabilising effect on the ability of banks to service the wider economy.

The new proposals would give regulators the power to assume direct oversight of third party firms' technology and cyber resilience, as well as on supply chain risk, change and incident management. The rules would give regulators the rights to perform on-site inspections and would apply principally to Big Tech cloud providers such as IBM, Google, Microsoft and Amazon.

"Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact UK financial stability if they were to fail or be disrupted," says BoE Deputy Governor Sarah Breeden. "We are consulting today on proposals to implement new powers given to us by Parliament to manage these risks for those providers who could present risks to financial stability, in an effective and proportionate way."

The consultation on the proposals is open to feedback until 15 March, with final rules published in H2 2024.

Sponsored [Impact Study] 2024 Fraud Trends in Banking, Insurance, and Beyond

Comments: (1)

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

This has already been happening with US regulators for decades. In my old (IT) company, all the ODCs we ran for banks and FIs used to undergo annual / biannual audits by OCC and other BFS industry regulators.

[Webinar] Solving the KYC challenge with end-to-end processesFinextra Promoted[Webinar] Solving the KYC challenge with end-to-end processes