Regulatory creep: critical third parties in scope

On top of the operational resilience rules for financial institutions that are about to go live, the regulators have introduced a new regime for external service providers that are relied on for essential functioning of the sector. Emma Radmore and Sheilah Mackie examine what's now in place and what may be yet to come.

Emma Radmore is a legal director with the Financial Institutions team at Womble Bond Dickinson. Sheilah Mackie is a legal director whose specialisms include outsourcing for clients in various sectors. Contact them on emma.radmore@wbd-uk.com and sheilah.mackie@wbd-uk.com.

Just when regulated firms are (hopefully) reaching the end of their preparations for complying with the Financial Conduct Authority's operational resilience requirements, which take full effect from the end of March 2025 [1], both they and their service providers face newly-finalised rules imposing regulatory supervision on key service providers, along with the prospect of greater reporting of incidents and third-party arrangements.