To guard against risks to the financial system posed by outsourcing, the U.K.’s financial regulators are seeking enhanced oversight of cloud services providers and other outside firms.
The Bank of England, the U.K.’s Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) launched a consultation on a joint set of proposals that aim to strengthen the resilience of services provided by “critical third parties” to industry firms and infrastructure, and beef up oversight for these firms.
While outside services providers can enhance operational resilience and supply innovation, they also pose a risk to financial stability if they face disruptions or fail outright, the regulators said.
As a result, they’re seeking to bolster direct regulatory oversight of these firms while also maintaining the obligations on financial industry firms to ensure resilience and third-party risk management.
Among other things, the paper sets out a proposed set of fundamental rules that would apply to the services that external providers supply to financial industry and market infrastructure firms; introduces more detailed operational risk and resilience requirements, including requirements on technology, cyber resilience and supply chain risk; and outlines regulatory reporting and stress testing requirements.
“Well managed outsourcing can bring efficiencies, accelerate innovation and boost operational resilience. With a concentration of third parties serving multiple clients in financial services, there is, however, a risk of major impact if they are disrupted or fail,” said Nikhil Rathi, chief executive of the FCA, in a release.
“We believe these proposals will improve the resilience of the critical third-party services that financial firms and their customers depend on, support market integrity and enhance U.K. competitiveness and growth,” he said.
“The proposals in this consultation paper build on last year’s discussion paper to enable the Bank of England, in coordination with the PRA and the FCA, to manage these systemic risks, while enabling U.K. [market infrastructure firms] also to benefit from using such providers,” said Sarah Breeden, deputy governor for financial stability at the Bank of England.
The proposals are open for comment until March 15.
The regulators are aiming to set their final requirements in the second half of 2024.