What is a ‘critical third party’, and why must the Finance sector’s technology providers be ready to earn this designation?
As a long-standing technology partner for multiple financial organisations across the UK, the team at Exponential-e have been observing the sector's evolving relationship with technology for some time - both the growing demand for a higher standard of operational resilience, and an increasing awareness of the challenges and opportunities that Cloud transformation presents.
In light of an increasingly complex digital landscape, a tense geopolitical situation, and a growing volume of compliance obligations around the handling of financial data, it is only natural that the sector is keen to establish a standard of resilience, security, and flexibility that will ensure it is fully equipped for the years ahead and - ultimately - provide its customers with complete peace of mind.
The sector's underlying technology infrastructure is playing a critical role in this journey, which makes it essential that we, as IT specialists, are willing to take the time to understand financial organisations' distinct requirements and obligations and tailor our solutions to accommodate them. However, this means more than just exploring customer requirements…
In July 2022, the Finance sector's supervisory authorities - i.e. the Bank of England, Prudential Regulation Authority (PRA), and FCA - set out a number of potential measures to formalise the assessment process for so-called 'critical third parties', defined as: "…a third party that HMT would designate as 'critical' using its proposed powers under the FSM Bill. Under the proposals in the Bill, HMT would be able to designate a third party as 'critical' if it was satisfied that a failure in, or disruption to, the provision of the services that it provides to firms and FMIs (either individually or where more than one service is provided, taken together) could threaten the stability of, or confidence in, the financial system of the UK."
- Ensure clearly defined business continuity and disaster recovery plans are in place and ready to implement at a moment's notice. Remember, always work on the assumption that a breach or disruption will eventually occur, and plan accordingly.
- Establish a regular process for evaluating the overall resilience of the services delivered and acting on any opportunities for improvement.
- Take the time to understand the supervisory authorities' long-term objectives and focus your service delivery on them.
- Ensure all applicable recognised standards are already in place and regularly audited.
- Communication is everything. The supervisory authorities are already considering making communication strategies part of their formal assessment process for CTPs, but this should extend beyond crisis situations. Ensure effective channels of communication are established and utilised at all levels
There's no doubt that the years ahead will challenge both financial organisations and their technology providers, but close cooperation between teams will not only ensure business-as-usual can be maintained as much as possible and strengthen customers' faith in the sector, but also establish long-lasting partnerships that will drive a whole new level of innovation, where leading-edge technology is utilised in service of financial firms' short- and long-term goals around resilience, security, and service quality. If you'd like to find out more about the Finance sector's technology journey, do not hesitate to contact us.