Mitigating systemic third-party risks in the financial sector

In recent years, Financial Services firms have become increasingly reliant on cloud and other third-party providers who provide key systems through outsourcing arrangements. Though a vital component, these dependencies do not come without risk.

In June 2022, HM Treasury released a policy statement* alongside the regulators to address these potential issues and provide guidance through a framework for firms operating in the Financial Sector.

What is the objective of the statement?

Systemic disruption occurs if many firms rely on the same third-party for a critical service, and where failure of this material supplier causes mass impact across the sector. Regulators have the power to set expectations of firms through their contractual arrangements, however in many cases this is insufficient, and it has become apparent that these alone cannot address the issues of material failures in the supply chain.

The objective of the statement is:

  • Allow regulators to directly oversee critical services provided to firms
  • Allow regulators to ensure there is resilience within firms and their supply chains

What does the statement cover?

The proposal for mitigating risks from critical third parties to the finance sector states that HM Treasury and the regulatory bodies will be able to apply specific third parties as ‘critical’ to firms. This will enable the regulators to impose powers regarding any material services provided to the financial sector by the third-party. These powers include being able to:

  • Set resilience standards and expectations
  • Request information directly from providers deemed as ‘critical’
  • Appoint an investigator where there may be a suspected breach of compliance
  • Enter a material providers premises under the use of a warrant as part of the investigation

Parliamentary Review

The statement is due to be passed for legislation, parliamentary time allowing, while an additional joint Discussion Paper will be published by the Financial Regulators shortly after.

Preparation for mitigation

As firms prepare and continually adapt to the evolving regulatory landscape, the focus on assurance across supply chains has never been greater. FSQS, a Hellios community for financial service firms, provides a purpose-built platform designed to highlight 3rd party commonalities, and bring to light any potential systemic risks in the financial sector supply chain. On behalf of the FSQS community, Hellios collects a wide range of supplier information on key topics such as resilience and business continuity, supply-chain 3rd and 4th party data, as well as cloud and cyber security. Through the use of intuitive reporting methods, and a global supply chain view, Hellios can help drive the actionable data your organisation requires to satisfy regulatory requirements.

Speak to us today for more information on joining the FSQS community at: or call us on: 01865 959100

* HM Treasury Policy Statement: Critical third parties to the finance sector