| UK & Europe | Articles
The joint discussion paper on operational resilience issued by the PRA, FCA and the Bank of England signals a potentially significant shift in gears around resilience for the regulatory environment and the UK financial services sector.
Since the first discussion paper around UK operational resilience was published in July 2018, and before the consultation period was due to close, the perfect stress test scenario was realised – the Covid-19 pandemic. This unprecedented event intensified the regulators attention on operational resilience and the weak points in the system.
Upping the ante
The Discussion Paper “Operational resilience: critical third parties to the UK financial sector” published this summer’ suggests the regulators are upping the ante on operational resilience. They have recognised that a large number of financial services firms have a significant dependency on a comparatively small number of third-party providers (TPPs), which fall outside their regulatory remit. Many firms are relying on these TPPs for a critical part of their operations, and so a failure at one of these organisations could have a systemic effect. The regulators are therefore looking to deploy a ‘pincer movement’ by prompting host firms to scrutinise these providers, whilst also being given the power to scrutinise critical third parties (CTPs) themselves.
What could the new rules look like?
The first step is the decision around which organisations qualify as CTPs. This power will be given to HMT according to the Financial Services and Markets Bill, which is currently at Committee stage in parliament. HMT will then convey authority to the regulators to delineate the rules and standards they will apply to CTPs and what enforcement action they should take.
Regulated host firms may also be asked to provide additional information such as due diligence, monitoring or exit plans. This way the regulators can ensure there are many eyes on the same CTPs, helping the regulators to maintain standards.
There is still much to be decided and defined including which organisations will be classified as CTPs, and what measures the regulators will have to sanction them.
The Discussion Paper currently proposes three categories of factors for determining a CTP:
- Materiality (e.g. provision of services critical to the to smooth functioning of the UK economy or financial system)
- Concentration (e.g. the number of firms in a given financial sector dependent on a TPP)
- Potential Impact (e.g. the risk of a domino effect where a TPP providing multiple individually immaterial services).
One thing is clear, the regulators are all moving towards operational resilience becoming a ‘financial services community spirit’ and the responsibility of everyone in the system.
What can firms do now to prepare?
The discussion paper is currently open until 23rd December, but there are still measures you can take to prepare for any new rules.
You shouldn’t take your foot off the pedal when it comes to operational resilience plans, particularly now that we’re already part-way through the three-year transition window . Firms are expected to keep moving with the development of their resilience framework, refining the mapping and testing of all their important businesses services and making the necessary investments to remediate any vulnerabilities. Ultimately, you must be able to consistently operate within your impact tolerances as soon as you can.
Where you’re dependent on TPPs who are unregulated core players in the industry, you could start to carry out some due diligence and monitoring now. This will help to mitigate the risk of these TPPs becoming CTPs and being unable to withstand regulatory scrutiny.
In addition, a CTP could be sanctioned for failures in a different service or sector, not provided by the host firm, but which nonetheless has a domino effect on their business. Therefore, it’s worth thinking about who else is using this provider and in what ways. Thinking about exit and contingency plans for future CTPs would be prudent. These plans would, for example, consider alternative providers and the time needed to transition to a new CTP, all whilst maintaining the firm’s operational resilience throughout.
How we can help
We have already supported numerous financial services firms from across the financial sector with their plans for operational resilience and have developed a range of tools and support packages to help our clients meet the regulators’ requirements.
We’ll make sure we understand your objectives and aspirations from the outset, and help you prioritise and plan your approach to regulation in a way that is efficient, cost effective and informed at all stages of your development.
Get in touch
