11 Jun 2024
by Micheal Jefferson

Critical third party (CTP) regime implementation needs to enable continued digital transformation

The UK is at the forefront of digital transformation in financial services and, through measures including open banking and regulatory sandboxes, as well as a focus on competitiveness in regulatory objectives, it has delivered an innovative, robust and competitive landscape for financial services firms and consumers. As part of this, advanced technologies, such as cloud computing, have enabled significant benefits that underpin the financial sector landscape, including increased security, flexibility, operational resilience, rapid scalability and reliability.

In the next 12 months the proposed regime for critical third parties (CTPs) to the UK financial services sector will be implemented, bringing material services provided by those advanced technologies into regulatory scope for the first time. The Financial Services and Markets Act 2023 allows HM Treasury to designate a third party as critical in consultation with the Bank of England (BoE), Prudential Regulation Authority (PRA), and Financial Conduct Authority (FCA). Designated CTPs will then be subject to direct oversight for the first time to “…manage potential risks to the stability of, and confidence in, the UK financial system that may arise due to disruption of services provided by a CTP.”

At AWS, we welcome the risk-based, outcomes-focused regime as set out in the recent consultation paper CP26/23. However, it is important that the implementation does not introduce barriers on how financial services firms choose to use technologies on a location or industry basis that might reduce the scope of digital transformation. This will be particularly important as we look towards a new-wave of innovation enabled by Generative Artificial Intelligence (GenAI).

Regulation can help enable businesses, support customers and protect societies. However, ensuring regulations strike the right balance and meet the objectives of all stakeholders is crucial, especially in highly regulated industries like financial services. Within the UK the CTP regime has the opportunity to deliver on these objectives and develop a regime that is at the forefront of digital transformation as well as international interoperability to support an innovative financial services sector.

In order to deliver this, we believe that changes to the proposed regime could include introduction of the AWS shared responsibility model as an appropriate regulatory concept for operational resilience, emphasising that any information required to be provided to the regulator under the regime will always be on a proportionate, useful, and relevant basis, and avoiding a requirement for regulated firms to adopt a multi-vendor cloud strategy as part of the CTP regime.


Ella Gago-Brookes

Ella Gago-Brookes

Team Assistant, Markets, techUK

Ella joined techUK in November 2023 as a Markets Team Assistant, supporting the Justice and Emergency Services, Central Government and Financial Services Programmes.  

Before joining the team, she was working at the Magistrates' Courts in legal administration and graduated from the University of Liverpool in 2022.  Ella attained an undergraduate degree in History and Politics, and a master's degree in International Relations and Security Studies, with a particular interest in studying asylum rights and gendered violence.  

In her spare time she enjoys going to the gym, watching true crime documentaries, travelling, and making her best attempts to become a better cook.  

Email:
[email protected]

Read lessmore

Financial Services updates

Sign-up to get the latest updates and opportunities from our Financial Services programme.

 

 

Authors

Micheal Jefferson

Micheal Jefferson

Head of Financial Services Public Policy UK, MEA & Switzerland, Amazon Web Services

Blog on AWS: https://aws.amazon.com/blogs/industries/uk-regime-for-critical-third-parties-and-its-impact-on-financial-services-customers/