UK Regulators to Begin Oversight of Critical Third Parties from July 2026 | LeapRate

The Bank of England, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) will begin jointly overseeing the UK’s first Critical Third Parties (CTPs) starting Monday, 13 July 2026, following formal designation by HM Treasury (HMT).

HMT has named four global technology providers as the first CTPs under the new regime: Amazon Web Services EMEA SARL, Google Cloud EMEA Limited, Microsoft Ireland Operations Ltd, and Oracle Corporation UK Limited. These firms supply critical infrastructure to the UK financial sector, meaning any disruption to their services could ripple across multiple institutions simultaneously, posing risks to financial stability.

Under the new proportionate regulatory framework, the three regulators will work collectively with designated CTPs to manage systemic risks and strengthen resilience across the financial system. CTPs will be required to identify and mitigate risks to their critical services, and maintain clear communication with regulators and client firms, especially during major incidents.

Officials stressed the regime does not replace existing rules requiring individual firms to manage their own third-party risk, due diligence and contingency planning.

Sarah Breeden, the Bank’s Deputy Governor for Financial Stability, said the oversight approach would help safeguard stability as reliance on such providers grows. FCA Chief Executive Nikhil Rathi added that concentrated reliance on a handful of providers means “a single failure can reverberate across the financial system,” making the new regime essential to maintaining confidence in UK markets.

HMT retains authority over future designations and de-designations, with regulators set to periodically review CTPs’ compliance and effectiveness of oversight going forward.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *