News -

UK PRA publishes rules for outsourcing and third-party risk management

This week, the UK’s Prudential Regulation Authority (PRA) published its Supervisory Statement on outsourcing and third-party risk management.

The publication offers guidance for businesses across the banking and financial services sector on what they should do when outsourcing services and mitigating third-party risk.

This follows the Bank of England’s Consultation Paper 30/19 published in 2019, which set out the key considerations to take forward in the official guidance.

Within this Supervisory Statement, the PRA considers an escrow agreement as one of a number of relevant resiliency options for firms to consider when undertaking business continuity and exit planning.

While it does not mandate or favour a single resiliency option, the PRA encourages firms to explore appropriate and viable options which, the PRA states explicitly, “may include escrow”.

Commenting on this news, Simon Fieldhouse, global managing director – software resilience at NCC Group said:"NCC Group has long taken the view that software and technology escrow solutions offer legal and technical assurance to allow firms to adopt, innovate and manage third-party technologies with confidence.

"We are delighted that the PRA has explicitly included escrow agreements as a relevant resiliency option in outsourcing contracts, as proposed by our experts.


“However, the work doesn't stop here. We must continue to engage with regulators world-wide to encourage them to acknowledge escrow agreements as a mechanism that enable organisations to comply with third-party risk mitigation, outsourcing and business continuity requirements and as a way to operate and grow in a resilient, safe and secure way.

"We believe that awareness and education of operational resilience needs to improve and that regulators can play a role in supporting financial institutions in achieving resilience by design.”

The new regulation will come into play on Thursday 1 April and will affect all regulated entities, independent software vendors, and cloud suppliers. If you’d like to find out more about what’s next read our Spotlight on’ piece here.

Topics

  • Technology, general

Categories

  • uk

Contacts

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7721577574

Related content

NCC Group launches flagship Partner Network

Through NCC Group’s Software Resilience Partner Network, software vendor partners can use NCC Group’s cloud and on-premise software resilience services to enhance their offering and support their customers to innovate and grow in a resilient, safe and secure way.

Insights paper: EU Financial Services Guidance for IT Outsourcing Regulation and Managing Third-Party Risk

To support EU financial services organisations on their journey to compliance we have compiled the key EU regulations around IT outsourcing, highlighting specific rules and guidance around business continuity and contingency planning for critical functions. In this paper, you’ll find NCC Group’s best practice advice and recommended solutions for managing third-party risk and ensuring compliance.

Webinar playback: Mastering compliance with global IT outsourcing regulations in the Finance Sector

In a recent webinar, Tim Rawlins, Director and Senior Advisor at NCC Group, gave some best practice advice to support you in achieving compliance with the latest global regulations around third-party risk management so that you can partner with third-party fintech providers with confidence.

Spotlight on the future of outsourcing in the UAE’s financial services sector

As part of our ‘Spotlight on’ series this month, Simon Fieldhouse, global managing director – Software Resilience looks to the Middle East and how the changing regulatory landscape is shaping the future of its financial services sector.

Building resilience into the digital transformation process

Worldwide spending on digital transformation technologies and services increased by as much as 10% in 2020, reaching $1.3 trillion. But how does widespread adoption affect operational resilience – and how can the legal sector support businesses? Tim Rawlins, Senior Adviser, explores this.

Making the UK a tech and science superpower: what can businesses take from the UK’s Budget?

Yesterday in the UK parliament, the Chancellor Rishi Sunak announced the new Autumn Budget and three-year Spending Review, which set out the government’s ambition to make the UK a global technology and science superpower. Our global CTO, Ollie Whitehouse, comments.

Spotlight on the UK’s new operational resilience regulation

After years of consultation, the UK’s Prudential Regulation Authority (PRA) is set to publish new rules on outsourcing and third-party risk management this month. In our ‘Spotlight on’ series, Simon Fieldhouse explores what this means for the sector, its resilience, and the pace of digital transformation.

Australian Prudential Regulation Authority (APRA) updates four-year plan

Joss Howard, senior advisor, NCC Group comments on the news that Australian Prudential Regulation Authority (APRA) has updated its four-year plan acknowledging the tumultuous year so far.

Spotlight on the EU’s Digital Operational Resilience Act (DORA)

The EU Commission is currently developing the Digital Operational Resilience Act (DORA) – new legislation aimed at financial entities at EU level. But what does it mean and what should businesses do now to prepare? Simon Fieldhouse, global managing director – Software Resilience at NCC Group, breaks this down in our latest ‘Spotlight on’ piece.

Spotlight on the Monetary Authority of Singapore’s Technology Risk Management Guidelines

As part of our ‘Spotlight on’ series, we have been delving into the topic of operational resilience and third-party risk management within financial institutions. In this installment, Simon Fieldhouse, global managing director – Software Resilience, offers his insight into the latest version of the Monetary Authority of Singapore’s Technology Risk Management (TRM) guidelines.

Related events

Webinar: PRA SS2/21 Regulations: Preparing your stressed exit plan

Event date 4 November 2021 10:00 – 11:00