ARTICLE
14 January 2025

The UK's Banking Regulator Looks To Increase Its Receipt Of Operational Incident Information

CW
Cadwalader, Wickersham & Taft LLP

Contributor

Cadwalader, established in 1792, serves a diverse client base, including many of the world's leading financial institutions, funds and corporations. With offices in the United States and Europe, Cadwalader offers legal representation in antitrust, banking, corporate finance, corporate governance, executive compensation, financial restructuring, intellectual property, litigation, mergers and acquisitions, private equity, private wealth, real estate, regulation, securitization, structured finance, tax and white collar defense.
The UK Prudential Regulation Authority proposes new rules for reporting operational incidents and material third-party arrangements, aiming to enhance risk monitoring; implementation starts H2 2026.
United Kingdom Finance and Banking

The UK's Prudential Regulation Authority ("PRA") has issued a consultation paper on proposals for rules and expectations for regulated firms to report operational incidents and material third-party arrangements (the "CP") in order to collect data to enable monitoring and responses to risks.

Operational incident reporting

The proposed new rules will set out specific operational incident reporting requirements, with the definition of 'operational incident' being a single or series of linked events which disrupt operations in a way that interferes with the delivery of a service or impacts the availability, authenticity, integrity or confidentiality of information or data relating to an end user. Reportability is subject to clear thresholds that pose a risk to the PRA's objectives, and should be made using a phased approach entailing:

  • an initial incident report;
  • further intermediate reports if there is a significant change in circumstances; and
  • a final report.

The PRA is proposing that firms submit reports using a template in order to streamline the information that it receives.

Outsourcing and third-party reporting

Given the increasing reliance on third-party support of both an outsourcing and non-outsourcing nature, the PRA is proposing the collection of data on all 'material third-party arrangements.' These can be outsourcing or non-outsourcing arrangements the failure of which would have a significant impact on their failure or disruption. Note that the Financial Conduct Authority or FCA is proposing a different approach, and will require notifications for all material third-party arrangements. Also note that the PRA proposes requiring firms to maintain and submit a structured register of information on all of its material third-party arrangements.

Next steps

Implementation is scheduled for no earlier than the second half of 2026, with incident reports to be hosted by the FCA's Connect portal. Responses to the consultation paper are due by 14 March 2025.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More