Insights on outsourcing and other lessons from a data breach – the UK FCA perspective

On 13 October 2023, the UK FCA published its Final Notice to Equifax Ltd, the UK subsidiary of US company Equifax Inc, in relation to a major 2017 data breach which affected over 13.7 million UK consumers. The FCA determined that Equifax Ltd had breached Principles 3, 6 and 7 of its Principles  and imposed a fine of over £11m. The firm agreed to resolve the matter and so qualified for a 30% discount for early settlement. The FCA's Final Notice helps to explain the rationale behind the UK regulatory authorities developing and enhancing the operational resilience regime in 2019. It also highlights some particular pitfalls in managing intra-group outsourcings effectively. Read more

Herbert Smith Freehills publishes Global Bank Review 2023: Trust Matters

Perhaps the most striking thing about the world of finance a decade and a half since the banking crisis is that the industry has not quite managed to regain the allure and self-confidence of earlier times. Certainly, this is a time in which trust – that most precious commodity in banking – is hard to earn and retain. This year's Global Bank Review: Trust Matters explores trust on many fronts. Read more

Operational Resilience – CTPs: What should you be doing about the proposed UK/EU Critical Third Parties Regimes?

Regulators around the world are focused on the operational resilience of financial institutions, financial market infrastructures and the financial system as a whole. One area of significant risk to the financial system are the significant dependencies of financial institutions on Critical Third Parties (CTPs), particularly in relation to the cloud and other Information and Communication Technology (ICT) services. Both the UK and the EU have advanced proposals for new regulatory frameworks in this area. Read more

Global FSR Outlook 2023 – Braving the maelstrom

Our Global FSR Outlook 2023 has been published.  In the Outlook, our Financial Services Regulatory (FSR) team surveys the regulatory landscape for 2023 and considers the challenges confronting firms and regulators. Read more

A new regime for critical third party providers to UK financial services firms is on the horizon

On 21 July 2022 the Bank of England, the PRA and the FCA published Discussion Paper 22/3 - Operational resilience: Critical third parties to the UK financial sector (DP22/3). DP22/3 sets out how the financial services regulators could use new powers proposed under the Financial Services and Markets Bill (FSM Bill) to assess and strengthen the resilience of material services provided by critical third parties to the UK financial services sector. Publication of DP22/3 marks an early step on the road to the introduction of a new designation regime for third party providers in respect of the material services they provide to the financial services sector. Read more

Operational Resilience: What’s next?

We have updated our Operational Resilience timeline to include key recent developments from the UK, EU, Hong Kong, Singapore, Australia and international standard setting bodies.  Operational resilience is the ability to 'prevent, adapt, respond to, recover and learn from operational disruptions'. Read more