Skip to Primary Navigation

Skip to main content

The next chapter in UK operational resilience: Operational incident and third-party reporting

In this photo illustration, a hacker with an Anonymous mask on his face and a hood on his head uses a computer on December 27, 2019 in Paris, France.
Photo: Chesnot/Getty Images

Jake Green | Ashurst, Bradley Rice | Ashurst, Vidhi Mahajan | Ashurst+1

5 min read
 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

New regime changes how firms report serious incidents and critical third-party dependencies, gives regulators improved real-time visibility of threats.

The FCA, Prudential Regulation Authority (PRA), and Bank of England have published final rules: PS26/2: Operational incident and third party reporting, establishing a unified regulatory framework for reporting:

  • operational incidents; and
  • material third-party arrangements.

This new regime represents a significant milestone in the UK’s approach to operational resilience. It fundamentally

, , , , , , , ,