PRA Regulations - Deadline incoming!
PRA’s Outsourcing and Third-Party Risk Management (PRA SS2/21)
In March 2021, the PRA published a?Policy Statement?on outsourcing and third party risk management (PS7/21) and an accompanying?Supervisory Statement?(SS2/21) which ‘clarifies, develops, and modernises’ longstanding regulatory requirements and expectations applying to financial institutions in this area.
Most companies regulated by the?Prudential Regulation Authority?(PRA) including banks, financial institutions, credit unions, insurance and reinsurance firms, are adopting SaaS hosted applications for many critical applications within their business.
The PRA?SS2/21?polices are aimed at ensuring these regulated companies have robust continuity measures in place for services designated under outsourcing and third party risk management. The new policies come into effect on the?31st?March 2022, and is therefore a big topic for our industry right now and in 2022.
Essentially a appointed Third party risk management team will now have until the end of March 2022 to put successful stressed exit plans in place for all outsourced services, and for all material applications currently being used.?
I'd like to draw your attention to section 10.16 of SS2/21 in which the PRA advises banks to “actively consider…. escrow arrangements” as part of the early stages of any demonstratively successful stressed exit plan.
领英推荐
Therefore, in order to comply with the continuity requirements of the SS2/21 policy, financial institutions are now reviewing the current Escrow solutions, as well as reviewing their wider portfolio so to provide a safety net in the event of a critical supplier failure.
The new operational resilience requirements come into force on 31 March 2022. Firms will need to consistently remain within their impact tolerances for each important business service as soon as reasonably practicable after 31 March 2022, and by no later than 31 March 2025.
It is important for regulated companies to prepare and be ready before the new guidance which is ever so close now! While companies are likely to have some of these elements in place, our assumption is that effort and resource will need to be put in place to fully meet regulatory expectations asap.
For more information, please contact me directly here on LinkedIN.