The Financial Conduct Authority (FCA) has concluded its rollout of new rules on the use of third party providers to strengthen resilience and promoting market stability.

In a statement, the FCA said financial firms and financial market infrastructures (FMIs), such as payment systems, have become increasingly reliant on the services of a small number of third party providers. It pointed out that these can sometimes be a single point of failure, which could affect a large number of consumers and firms, and threaten the stability of the UK financial system.

After a process of review began in 2023, when the FCA was given new powers to oversee the resilience of the services that these third parties provide to the sector, that may cause risks to financial stability.

“By strengthening resilience and promoting market stability, this will ensure the UK is an attractive place to do business,” the FCA said, stating that the government will decide which third parties should fall under the new regime based on advice from regulators.

Commenting, David Ferbrache, managing director at Beyond Blue, said: “The policy stipulates that financial firms must have an understanding of the resilience of their third parties in the face of severe but plausible scenarios, while also ensuring they can remain resilient if those third parties are rendered unavailable.

“Operational resilience is the ability for financial firms to meet the vital needs of their customers even in the face of severe disruptions. When third parties—such as cloud service providers, IT management services, or communication platforms—fail, the ripple effect can be catastrophic for financial firms and, by extension, the broader financial ecosystem. The upcoming policy is working to tackle this challenge.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.