UK and EU regulators have signed a Memorandum of Understanding (MoU) to collaborate on supervising critical third parties (CTPs), such as data providers.
The FCA, Bank of England and Prudential Regulation Authority signed the MoU with the European Supervisory Authorities to establish a framework for coordinating and sharing information on the oversight of CTPs under the UK regime, and critical third party providers (CTPPs) under the EU’s Digital Operational Resilience Act (DORA), including during incidents such as power outages or cyber-attacks.
As well as reducing duplication and the regulatory burden on CTPs and CTPPs, the MoU is expected to mitigate risks to financial stability and market confidence and strengthen international cooperation.
UK regulators consulted on policy measures to manage the systemic risks posed by certain third parties to the UK financial sector in 2024 with the new rules taking effect at the start of 2025. The Treasury is responsible for deciding which third party service providers should fall under the new CTP regime.
The UK’s CTP regime is in line with similar international standards and is designed to be compatible with DORA.
The FCA said in a statement: “The agreement demonstrates UK regulators’ commitment to cross-border cooperation and strengthening operational resilience to support growth and promote market stability.”
