The Bank of England, together with the Financial Conduct Authority and Prudential Regulation Authority, has signed a Memorandum of Understanding with the European Supervisory Authorities to strengthen cross-border cooperation on the oversight of critical third parties that fall under the UK’s critical third party (CTP) regime. The MoU sets a framework for coordination and information sharing on UK CTPs and EU “Critical Third Party Providers” supervised under the EU’s Digital Operational Resilience Act (DORA), including during incidents such as power outages or cyber-attacks. It is intended to help manage risks to financial stability and market confidence while reducing duplication and regulatory burden for third-party providers operating across jurisdictions. The UK’s CTP regime was introduced in 2024; its rules took effect on 1 January 2025 but apply to a provider only once it is designated by HM Treasury. The designation process has begun, and UK regulators expect to continue working with HM Treasury as it progresses. Designated CTPs will be required to provide regular assurance, undertake resilience testing and report major incidents; this does not reduce the responsibilities of financial firms and Financial Market Infrastructures under existing outsourcing rules.
Bank of England 2026-01-14
Bank of England and UK regulators sign MoU with European Supervisory Authorities on oversight of critical third parties
The Bank of England, Financial Conduct Authority, and Prudential Regulation Authority signed a Memorandum of Understanding with European Supervisory Authorities to enhance cross-border cooperation on overseeing critical third parties under the UK's regime and the EU's Digital Operational Resilience Act. This framework aims to manage risks to financial stability and market confidence while minimizing regulatory burdens for third-party providers operating across jurisdictions.