Financial Conduct Authority, Bank of England publish proposals to bolster tech resistance of the financial sector.
The UK financial sector's reliance on technology and big name firms is being addressed by the Bank of England, Financial Conduct Authority, and the Prudential Regulation Authority.
They all proposed rules to regulate the heavy reliance of financial firms on external technology companies for their critical business operations.
All three agencies say that managing these risks fully is beyond the ability of any individual firm or FMI, and requires an appropriate level of direct regulatory oversight.
These proposals are designed therefore to complement but not clash with the responsibilities of individual firms and FMIs relating to operational resilience and third-party risk management.
The minimum resilience standards require a third party tech firm to identify all services it provides to a financial firm, assess risks to its services and implement appropriate controls, undertake regular testing and have a mechanism for handling failures.
CTPs such as AWS, Microsoft, Google etc, will not be authorised or overseen by the regulators, but the third-party services they provide will be overseen against these proposals, once finalised.
Feedback on the proposals will be gathered until 15 March 2024, and the regulators will publish their final requirements and expectations in the second half of next year.
Meanwhile the Associated Press has reported that the Bank of England, in its half-yearly Financial Stability Review, said it will make an assessment next year about the risks posed by artificial intelligence and machine learning.
This Cyber News was published on www.silicon.co.uk. Publication date: Thu, 07 Dec 2023 19:13:05 +0000