The UK financial sector’s reliance on technology and big name firms is being addressed by the Bank of England, Financial Conduct Authority (FCA), and the Prudential Regulation Authority (PRA).
They all proposed rules to regulate the heavy reliance of financial firms on external technology companies for their critical business operations.
The UK regulators said big name tech firms “supply an array of services to firms and FMIs (financial market infrastructure entities), providing benefits, including greater operational resilience and innovation. However, if they are disrupted or fail, there are potential risks to UK financial stability.”
All three agencies say that managing these risks fully is beyond the ability of any individual firm or FMI, and requires an appropriate level of direct regulatory oversight.
These proposals are designed therefore to complement but not clash with the responsibilities of individual firms and FMIs relating to operational resilience and third-party risk management.
“Financial market infrastructure firms are becoming increasingly dependent on third-party technology providers for services that could impact UK financial stability if they were to fail or be disrupted,” said Sarah Breeden, Deputy Governor for Financial Stability.
“The proposals in this consultation paper (CP) build on last year’s discussion paper to enable the Bank of England, in co-ordination with the PRA and the FCA, to manage these systemic risks, while enabling UK FMIs also to benefit from using such providers,” said Breeden.
“Well managed outsourcing can bring efficiencies, accelerate innovation and boost operational resilience,” added Nikhil Rathi, chief executive of the FCA. “With a concentration of third parties serving multiple clients in financial services, there is, however, a risk of major impact if they are disrupted or fail.”
“We believe these proposals will improve the resilience of the critical third-party services that financial firms and their customers depend on, support market integrity and enhance UK competitiveness and growth,” said Rathi.
The minimum resilience standards require a third party tech firm to identify all services it provides to a financial firm, assess risks to its services and implement appropriate controls, undertake regular testing and have a mechanism for handling failures.
In addition, the proposals include:
CTPs such as AWS, Microsoft, Google etc, will not be authorised or overseen by the regulators, but the third-party services they provide will be overseen against these proposals, once finalised.
Feedback on the proposals will be gathered until 15 March 2024, and the regulators will publish their final requirements and expectations in the second half of next year.
Meanwhile the Associated Press has reported that the Bank of England, in its half-yearly Financial Stability Review, said it will make an assessment next year about the risks posed by artificial intelligence and machine learning.
“We obviously have to go into AI with our eyes open,” bank Governor Andrew Bailey was quoted by AP as saying at a press briefing.
“It is something that I think we have to embrace, it is very important and has potentially profound implications for economic growth, productivity and how economies are shaped going forward.”
“The moral of the story is if you’re a firm using AI, you have to understand the tool you are using, that is the critical thing,” Bailey reportedly said.
Bailey also reportedly admitted he is “palpably not” an expert on AI, and said the new technologies have “tremendous potential” and are not simply “a bag of risks.”
Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…
Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…
Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…
Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…
Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal
Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…