
UK PRA publishes rules for outsourcing and third-party risk management

This week, the UK’s Prudential Regulation Authority (PRA) published its Supervisory Statement on outsourcing and third-party risk management.

The publication offers guidance for businesses across the banking and financial services sector on what they should do when outsourcing services and mitigating third-party risk.

This follows the Bank of England’s Consultation Paper 30/19 published in 2019, which set out the key considerations to take forward in the official guidance.

Within this Supervisory Statement, the PRA considers an escrow agreement as one of a number of relevant resiliency options for firms to consider when undertaking business continuity and exit planning.

While it does not mandate or favour a single resiliency option, the PRA encourages firms to explore appropriate and viable options which, the PRA states explicitly, “may include escrow”.

Commenting on this news, Simon Fieldhouse, global managing director – software resilience at NCC Group, said: "NCC Group has long taken the view that software and technology escrow solutions offer legal and technical assurance to allow firms to adopt, innovate and manage third-party technologies with confidence.

"We are delighted that the PRA has explicitly included escrow agreements as a relevant resiliency option in outsourcing contracts, as proposed by our experts.


“However, the work doesn't stop here. We must continue to engage with regulators worldwide to encourage them to acknowledge escrow agreements as a mechanism that enables organisations to comply with third-party risk mitigation, outsourcing and business continuity requirements and as a way to operate and grow in a resilient, safe and secure way.

"We believe that awareness and education of operational resilience needs to improve and that regulators can play a role in supporting financial institutions in achieving resilience by design.”

The new regulation will come into play on Thursday 1 April and will affect all regulated entities, independent software vendors, and cloud suppliers. If you’d like to find out more about what’s next, read our ‘Spotlight on’ piece here.
