FastBull BrokersView
Sign In

UK Financial Regulators Begin Oversight of Critical Third Parties After Treasury Designation

2026-07-13 BrokersView

The UK’s financial regulators will begin supervising critical third parties (CTPs) from 13 July 2026, introducing a new framework aimed at reducing systemic risks caused by failures at major technology and service providers supporting financial markets.

 

The first designated CTPs include four global cloud and technology providers: Amazon Web Services (AWS), Google Cloud, Microsoft and Oracle. The Bank of England, Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) will jointly oversee these firms, focusing on the resilience of the critical services they provide to UK financial institutions.

 

The move follows growing concerns over the financial sector’s dependence on a small number of technology providers. In October 2025, an AWS outage disrupted services across multiple industries, including trading platforms and brokerages. Platforms such as Robinhood and Coinbase experienced temporary service issues, with some users unable to access accounts or execute transactions. The incident highlighted how failures at major cloud providers could quickly affect financial operations, even when the issue is not directly related to market infrastructure.

 

Under the new regime, designated CTPs will be required to identify and manage risks, maintain communication with regulators and financial firms, and improve incident response capabilities. However, the oversight does not replace existing obligations for banks, brokers and other regulated firms, which remain responsible for managing their own outsourcing risks and contingency plans.

 

Regulators said the framework is designed to strengthen operational resilience across the UK financial system as technology providers become increasingly embedded in financial services. The initiative also aligns with similar international approaches, including the EU’s Digital Operational Resilience Act (DORA), as authorities seek to address the risks created by concentrated reliance on critical technology infrastructure.

Share

Loading...