Skip to Primary Navigation

Skip to main content

The next chapter in UK operational resilience: Operational incident and third-party reporting

In this photo illustration, a hacker with an Anonymous mask on his face and a hood on his head uses a computer on December 27, 2019 in Paris, France.
Photo: Chesnot/Getty Images

Jake Green | Ashurst, Bradley Rice | Ashurst, Vidhi Mahajan | Ashurst+1

5 min read
 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

New regime changes how firms report serious incidents and critical third-party dependencies, gives regulators improved real-time visibility of threats.

The FCA, Prudential Regulation Authority (PRA), and Bank of England have published final rules: PS26/2: Operational incident and third party reporting, establishing a unified regulatory framework for reporting:

  • operational incidents; and
  • material third-party arrangements.

This new regime represents a significant milestone in the UK’s approach to operational resilience. It fundamentally

Register for free to keep reading

To continue reading this article and unlock full access to GRIP, register now. You’ll enjoy free access to all content until our subscription service launches in early 2026.

  • Unlimited access to industry insights
  • Stay on top of key rules and regulatory changes with our Rules Navigator
  • Ad-free experience with no distractions
  • Regular podcasts from trusted external experts
  • Fresh compliance and regulatory content every day
Register for free
Sign in
, , , , , , ,