The Bank of England, Prudential Regulation Authority and Financial Conduct Authority (together, the supervisory authorities) have published a discussion paper proposing measures to supervise and enhance the resilience of critical third parties (CTPs) to the U.K. financial sector. Responses to the discussion paper may be submitted until December 23, 2022. The supervisory authorities intend to consult on proposed requirements for CTPs in 2023.
Currently, the supervisory authorities' direct powers over entities providing critical services to U.K. authorized firms, their service providers (authorized e-money institutions, payment institutions and registered account information services) and financial market infrastructures (together, U.K. regulated firms) are limited. The Financial Services and Markets Bill, introduced to Parliament yesterday, would grant HM Treasury and the supervisory authorities' new express powers to oversee such third parties. HM Treasury will be able to designate an entity as a CTP if it provides services to U.K. regulated firms and its failure would pose financial stability or confidence risk to the U.K.
The FSM Bill would empower the supervisory authorities to (among other things):
The supervisory authorities would only oversee the systemic risks arising from the provision of services by a CTP to U.K. regulated firms. The obligations on U.K. regulated firms to manage the risks of all their third party service providers would not be affected by the new requirements for CTPs. In other words, it remains the position that if a U.K. regulated firm outsources a function to a third party, it cannot delegate responsibility for compliance with any regulatory requirements relating to that function.
The supervisory authorities' discussion paper sets out proposals on:
[View source.]