HM Treasury has confirmed that the UK regulators will be given powers to oversee tech companies which serve the financial sector.

Policymakers are worried about concentration risk in the financial sector. For example, if several firms rely on the same cloud technology, an issue at the cloud supplier could cause systemic disruption. To help manage this risk, HM Treasury plans to allow the Bank of England, Prudential Regulation Authority and Financial Conduct Authority to oversee what it calls critical third parties.

According to a policy statement, legislation will be introduced enabling HM Treasury to designate some third parties as being “critical”. This will be decided according to criteria such as the number and type of services the third party provides and the materiality of these services.

Once designated as “critical”, third parties would be subject to rules relating to their provision of material services. These rules would set minimum resilience standards and require critical third parties to take part in resilience testing. The regulators would also be given powers to gather information, assess compliance and take enforcement action. These are similar to powers to be given to European regulators to oversee critical third party ICT service providers under the EU's draft DORA legislation.

More detail on the scope of the regime should come when the government publishes draft legislation, which may be included in the upcoming Financial Services and Markets Bill. The regulators are also due to launch a discussion paper on how they would exercise the powers given to them.