Amid growing concerns about cybersecurity, data protection and the resilience of market infrastructure, regulators in the U.K. and Europe are stepping up cooperation in their oversight of essential, external service providers.
The U.K.’s regulators, including the Financial Conduct Authority, Bank of England and Prudential Regulation Authority, signed a joint memorandum of understanding (MoU) with the European regulators that creates a framework for sharing information and coordinating oversight of so-called “critical third parties.”
“The MoU aims to manage potential risks to financial stability and market confidence, as well as strengthen international cooperation,” the regulators said in a release on Wednesday, adding that this will also reduce duplication and regulatory burdens on the firms themselves.
Further, the agreement is intended to guide the regulators’ response to incidents, such as cyberattacks or major power outages that impact the operation of firms that provide essential services to the financial industry.
Regulators in the U.K. are in the process of implementing new rules that apply to firms that are designated as critical external providers, which require these firms to report major incidents, such as cyberattacks, and to meet certain standards for ensuring their resilience.
Despite these new rules, financial industry firms and financial market infrastructures, such as clearing and settlement agencies, are still required to ensure their own operational resilience and to manage the risks of outsourcing.