"Firms are becoming increasingly dependent on third-party technology providers for services that could impact the financial stability of the UK if they were to fail"
CTPs provide certain services to regulated financial services firms that the regulators say could affect financial stability and cause harm to consumers if they fail or are disrupted.
Well managed outsourcing and other arrangements with third parties can bring benefits to firms, for example through efficiency gains, reduced costs, scalability, faster innovation, better customer outcomes, and improved operational resilience.
However, as the Bank of England’s Financial Policy Committee (FPC) highlighted in 2021, financial stability could be affected by disruption at a small number of third-party service providers relied upon by firms.
In response, the Government included legislative proposals in the Financial Services and Markets Bill, currently before Parliament, to grant the supervisory authorities powers to directly oversee the resilience of services that CTPs provide to the UK financial sector.
The discussion paper sets out potential measures for how the supervisory authorities could use their proposed powers, which include:
- A framework for identifying potential CTPs, which would inform the supervisory authorities’ recommendations for formal designation by HM Treasury.
- Minimum resilience standards, which would apply to the services that designated CTPs provide to firms.
- A framework for testing the resilience of material services that CTPs provide to firms using a range of tools, including but not limited to scenario testing, participation in sector-wide exercises, cyber resilience testing, and skilled persons reviews of CTPs.
Comments are open until 23rd December 2022. Subject to the outcome of Parliamentary debates on the Financial Services and Market Bill, and having considered responses to this discussion paper, the regulators plan to consult on their proposed requirements and expectations for CTPs in 2023.
Sam Woods, CEO of the PRA, said: "It is vital that the firms we regulate can rely on services provided to them by third parties, particularly where those third parties have become critical parts of the system. Today's paper sets out our thinking on how we can ensure the right levels of resilience for those services - we would welcome views from anyone taking an interest in this area."
Jon Cunliffe, deputy governor for financial stability, said: "Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact the financial stability of the UK if they were to fail or experience disruption. The potential measures examined in this DP provide an initial, but important step for the Bank of England to manage these systemic risks (in coordination with the FCA). The DP also includes suggestions to improve coordination between the Bank/PRA and FCA, international financial regulators, and UK non-financial regulators, which is key given the cross-border and cross-sectoral nature of many CTPs and the services they provide."
Nikhil Rathi, chief executive of the FCA, said: "In an increasingly digital world, financial businesses are more dependent on a small number of third-party providers. That can bring significant benefits, but also comes with resilience risk. We want an open discussion about how we should use new powers Parliament is giving us to oversee the services these third parties provide to the financial sector and reduce the risk of major disruption, which could cause harm to consumers and markets."