
3 UK Regulators Issue Paper CP 26/23 On Operational Resilience

What has happened? 

In December 2023, the FCA, the PRA and the Bank of England jointly issued their consultation paper CP 26/23 concerning operational resilience.

What are the key points of the CP? 

It sets out the proposed requirements to be established in rules and accompanying expectations for critical third parties (CTPs). 

The key aim of the proposed requirements and expectations in this CP is to manage potential risks to the stability of, or confidence in, the UK financial system that may arise due to a failure in, or disruption to, the services that a CTP provides to one or more authorised persons, relevant service providers and/or financial market infrastructure entities (‘FMIs’).

The regulators consider that the proposals in this CP would allow them to monitor and manage these risks in an effective but proportionate manner and to advance their respective objectives. 

The proposals would result in:

  • requirements for CTPs in the Bank Rulebook, PRA Rulebook, and FCA Handbook,
  • a joint Bank/PRA/FCA supervisory statement setting out the regulators’ expectations of how CTPs should comply with and interpret the proposed requirements in their rules, and
  • a joint Bank/PRA supervisory statement and FCA guidance on the regulators’ policy and expectations on the use of skilled person reviews of CTPs as an oversight tool.

The Bank and the PRA also intend to consult on a joint statement of policy in relation to the use of their disciplinary powers over CTPs, which will be aligned to their ongoing wider review of enforcement. To maintain a joint approach to the CTP oversight regime across the three regulators, the FCA intends to consult on its statement of policy on the use of disciplinary powers over CTPs around the same time.

The regulators also intend to publish a document setting out how they will carry out their oversight roles in relation to CTPs in due course. This CTP approach document is intended to help CTPs, firms, and FMIs understand how the regulators will oversee CTPs in practice and to uphold the regulators’ accountability to the public and Parliament through greater transparency.

The CP sets out the following proposals for CTPs:

  • A set of high-level Fundamental Rules that would apply to all the services that CTPs provide to UK firms and FMIs and act as a general statement of CTPs’ obligations under the proposed regime,
  • A set of more granular Operational Risk and Resilience Requirements that would only apply to CTPs’ ‘material services’ to firms and FMIs, and would cover areas such as dependency and supply chain risk management, technology and cyber resilience, change management and incident management,
  • Proposed requirements for CTPs to:
      o provide certain information to the regulators periodically, including an annual self-assessment, and upon request, and
      o perform certain forms of testing, including regular tests of their ability to continue providing material services in severe but plausible disruption (‘scenario testing’), and
  • Proposed requirements for CTPs to notify the regulators, and the firms and FMIs they provide services to, of certain incidents.

How can we help you? 

Thistle Initiatives has supported firms for over 10 years as a trusted compliance and regulatory advisor. In addition to assisting you as-and-when, our team of specialists can serve as your right hand in meeting and complying with FCA regulations. We understand the importance of staying up-to-date and compliant and are dedicated to providing the guidance and support needed to do so. 

Are you looking for help with your operational resilience procedures, or more general regulatory questions? Contact our specialist lending team now to schedule a free consultation. Get in touch with us by calling 020 7436 0630 or sending an email to info@thistleinitiatives.co.uk.