UK financial regulators have detailed new rules intended to bolster the resilience of technology and other third parties providing key services to financial firms.

In a joint policy statement, the Financial Conduct Authority, Bank of England and Prudential Regulation Authority have set out how they intend to use new powers, given by the government in 2023, to oversee the resilience of the services third parties provide to the financial the sector.

Financial firms and financial market infrastructures, such as payment systems, have become increasingly reliant on the services of a small number of third-party providers, known as critical third parties. The FCA says that while these third parties can enhance competitiveness for the sector, disruption or failure to one of them – such as a cyber-attack or power outage – could affect a large number of consumers and firms, and threaten the stability of the UK financial system.

The UK regulators have issued the policy guidance having consulted across the sector on the design of the regime. The new rules have been set to align closely with international standards and similar regimes, like the EU’s Digital Operational Resilience Act.

The FCA says that the final rules, when implemented, will not only strengthen the resilience of the services that critical third parties provide to individual firms, but will improve the resilience of the UK financial services sector as a whole.

The government will decide which third parties should fall under the new regime based on advice from regulators.

---