Skip to Primary Navigation

The next chapter in UK operational resilience: Operational incident and third-party reporting

In this photo illustration, a hacker with an Anonymous mask on his face and a hood on his head uses a computer on December 27, 2019 in Paris, France.
Photo: Chesnot/Getty Images

New regime changes how firms report serious incidents and critical third-party dependencies, gives regulators improved real-time visibility of threats.

The FCA, Prudential Regulation Authority (PRA), and Bank of England have published final rules: PS26/2: Operational incident and third party reporting, establishing a unified regulatory framework for reporting:

  • operational incidents; and
  • material third-party arrangements.

This new regime represents a significant milestone in the UK’s approach to operational resilience. It fundamentally

Get full access, free for a month

Start your 28-day free trial to continue reading and access
all content on GRIP – no payment details required.

What’s included:

  • Every new article, plus our 5,000+ archive
  • Daily regulatory insight and guidance
  • Exclusive interviews and in-depth analysis
  • Coverage of industry-leading events and conferences
  • All podcasts and videos, featuring industry experts
  • The full set of Rules Navigator tools
  • An ad-free experience