Reflecting the financial sector’s deepening reliance on technology, UK financial regulators have begun overseeing a select group of major tech firms that are central to the industry’s operations.

Effective July 13, the UK’s financial regulators—the Financial Conduct Authority (FCA), the Bank of England, and the Prudential Regulation Authority (PRA)—will assume oversight of Amazon, Google, Microsoft, and Oracle. These companies are the first to be designated as “critical third parties” by HM Treasury.

The designations acknowledge that the services these firms provide underpin the UK financial system.

“Given the widespread reliance on these services, any disruption or failure could simultaneously impact multiple firms or markets, potentially threatening UK financial stability and the services used by millions of consumers and businesses,” the regulators stated.

The joint oversight framework will focus on ensuring the resilience of the services these tech firms provide to the financial sector. To that end, the regulators will collaborate with the designated firms to address system-level risks and mitigate the risk of disruptions cascading across the UK financial system.

The regulators noted that this new oversight arrangement for tech giants complements existing outsourcing and operational resilience rules for regulated financial firms.

“As critical third parties become increasingly embedded in the operations of financial institutions, they can introduce new forms of systemic risk,” said Sarah Breeden, Deputy Governor for Financial Stability at the Bank of England. “Our proportionate approach to overseeing these providers will ensure that these dependencies are managed in a way that safeguards financial stability.”

HM Treasury is responsible for designating tech firms as critical providers subject to regulatory oversight, including adding firms to the list in the future. The regulators will also recommend whether designated firms continue to meet the criteria based on periodic reviews.

The financial regulators received new powers to oversee critical service providers under legislation initially adopted in 2020 and revised in 2023; the rules implementing these responsibilities took effect in 2025.

Source link

Exit mobile version