Regulation3 min read

UK Regulators to Start Overseeing Critical Third Parties

The FCA says the Bank of England, PRA and FCA will begin supervising designated critical third parties on July 13, adding a new resilience regime for key cloud and tech providers.

A striking upward view of illuminated modern skyscrapers at night in London, England.
Illustrative photo · Andrea De Santis / Pexels

The bottom lineThe FCA says the Bank of England, PRA and FCA will begin overseeing the first designated critical third parties on 13 July 2026. For retail investors, the main point is not a direct market rule change, but a shift in how regulators manage systemic risks tied to cloud and technology providers that support many financial firms.

What happened

The FCA said the Bank of England, the Prudential Regulation Authority and the FCA will start overseeing the first critical third parties on Monday, 13 July 2026, after Treasury designations.

The Treasury has designated four global cloud and technology providers: Amazon Web Services EMEA SARL, Google Cloud EMEA Limited, Microsoft Ireland Operations Ltd and Oracle Corporation UK Limited.

The FCA said critical third parties are service providers whose systems underpin the UK financial system, and that disruption at one provider could affect multiple firms or markets at the same time.

Why it matters

The regulators said the new regime is designed to reduce the chance that a failure at a major technology provider spreads through the financial system.

The FCA said the framework is proportionate and focused on the resilience of the critical services these providers give to the UK financial sector.

The statement also makes clear that the regime complements existing outsourcing and operational resilience rules for regulated firms, which still remain responsible for their own third-party arrangements.

What readers can verify next

Readers can check the FCA statement and the Treasury announcement to confirm the list of designated providers and the start date.

They can also review the regulators' existing operational resilience guidance to see how responsibility remains split between firms and their service providers.

For investors following UK financial regulation, the practical question is whether more third-party providers are designated over time, because the Treasury decides future designations and de-designations.

Editorial note. This report explains a public record and is not investment, legal or trading advice. Facts may change after publication; the source links remain the controlling record.