Financial regulators are taking action as financial firms increasingly depend on a small number of technology providers, which could pose significant risks to the UK financial system. While third-party tech services can boost sector competitiveness, disruptions such as cyber-attacks or power outages could affect multiple firms and consumers, threatening overall stability.

To mitigate these risks, the Financial Conduct Authority (FCA) and Bank of England will oversee critical third-party (CTP) technology providers. The new regime empowers HM Treasury to designate a service provider as a CTP if a disruption in its services could undermine the stability or confidence in the financial system.

Once designated, CTPs will be subject to specific oversight by the regulators regarding the services they provide to financial firms, though not their entire operations. Big Tech firms will be required to deliver regular reports and assurance, participate in resilience testing, and notify regulators of major incidents. However, the responsibility for managing third-party risks and ensuring resilience remains with the financial firms and financial market infrastructures (FMIs) in accordance with existing regulations.