×
google news

Bank of England, PRA, and FCA to Monitor Critical Third Parties

Starting July 13, 2026, the UK's financial regulators will begin overseeing major cloud service providers to safeguard the nation's financial system

Bank of England, PRA, and FCA to Monitor Critical Third Parties

The UK is taking a significant step to bolster its financial system by bringing four major global cloud service providers under direct regulatory oversight. This move, set to begin on July 13, 2026 aims to enhance the resilience of the financial sector and protect the services that millions of people and businesses rely on daily.

As financial institutions increasingly depend on cloud services, the risk of disruption to these critical services could have widespread impacts. To mitigate this risk, the UK government has designated four major cloud and technology providers as Critical Third Parties (CTPs).

This designation enables the Bank of EnglandPrudential Regulation Authority (PRA) and Financial Conduct Authority (FCA) to jointly oversee the critical services these providers offer to the financial sector.

The New Regulatory Regime

The new regime will focus on ensuring that these critical services are resilient and can recover quickly from any operational disruptions.

The regulators will gather information, assess resilience, and work with the designated providers to address any risks to the continuity of these critical services. This oversight will include making and enforcing CTP-specific rules where necessary.

Economic Secretary to the Treasury and City Minister, Rachel Blake MP emphasized the importance of this move: “We are a world-leading financial centre, and maintaining trust in our financial system is essential to its success. These designations will help ensure the critical services financial firms rely on remain resilient, protecting consumers and businesses while supporting growth across the economy.”

The Designated Providers

The following firms have been designated as Critical Third Parties from July 13, 2026

  • Microsoft Ireland Operations Limited
  • Google Cloud EMEA Limited
  • Amazon Web Services EMEA SARL
  • Oracle Corporation UK Limited

These designations follow a period of evidence gathering and collaborative engagement with the third parties. Each designated provider has expressed their commitment to complying with the relevant oversight requirements and supporting the UK’s cybersecurity and resilience laws.

Enhancing Financial Stability

The UK government views a stable and secure financial system as essential for economic growth. By strengthening oversight of critical services and enhancing collaboration with third-party providers, the government aims to safeguard financial stability, support confidence, and create conditions for investment, innovation, and growth.

The regulators will periodically review whether the designated providers continue to meet the designation criteria, making recommendations to HM Treasury as needed. This approach ensures that only the most critical third-party providers are brought into the regime, maintaining a targeted and proportionate oversight.

Financial firms will remain responsible for managing risks arising from their third-party suppliers, including due diligence, risk management, and contingency planning. The new regime complements but does not replace existing outsourcing and operational resilience rules.

World Cup 2026

Upcoming matches

Tomorrow
France
20:00BSTSemi-finals
Spain
Wed 15 Jul
England
20:00BSTSemi-finals
Argentina
Sat 18 Jul
22:00BSTThird place
Sun 19 Jul
20:00BSTFinal

Results

Sun 12 Jul
Argentina
31FT · AET · Quarter-finals
Switzerland
Sat 11 Jul
Norway
12FT · AET · Quarter-finals
England
Fri 10 Jul
Spain
21FT · Quarter-finals
Belgium
Updated 08:00 BST

Contacts:
Jordan Wells

Jordan Wells covers Pride, policy and the cultural arc with equal seriousness. Reports on legislation, films, and the writers reshaping queer narrative today.