Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
CP17/24 - Operational resilience: Operational incident and outsourcing and third-party reportingPrivacy statement1: Overview (paras. 1.1-1.34)Background (paras. 1.11-1.19)Structure of the CP (para. 1.20)Cost benefit analysis (CBA) (paras. 1.21-1.27)Implementation (paras. 1.28-1.30)Responses and next steps (paras. 1.31-1.34)2: Operational incident reporting (paras. 2.1-2.38)Operational incident (paras. 2.4-2.5)Reporting thresholds (paras. 2.6-2.13)Phased approach to reporting operational incidents (paras. 2.14-2.17)Initial operational incident report (paras. 2.18-2.19)Intermediate operational incident report (paras. 2.20-2.22)Final operational incident report (para. 2.23)Format of operational incident reports (paras. 2.24-2.25)Operational incident data (paras. 2.26-2.38)3: Outsourcing and third-party reporting (paras. 3.1-3.42)Material third parties (paras. 3.6-3.10)Notifications (paras. 3.11-3.21)Register (paras. 3.22-3.27)Information to be submitted to the PRA (paras. 3.28-3.42)4: 'Have regards' analysis (para. 4.1)AppendicesAppendix 1: PRA Rulebook: CRR, Solvency II & Non-Solvency II: Notification Of Third-Party Arrangements And Operational Incident Reporting Instrument 2024Appendix 2: New draft supervisory statement - Operational Resilience: Incident reporting Appendix 3: Draft amendments to supervisory statement SS2/21 - Outsourcing and third party risk managementAppendix 4: Incident, Outsourcing and Third-Party Reporting (IOREP) Cost Benefit Analysis Appendix 5: Reporting fields documentAppendix 6: Draft material third party template
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2 
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Recently generated comparisons
None generated
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 17th May 2026
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application

AI Summary of 3: Outsourcing and third-party reporting (paras. 3.1-3.42)

PreviousNext
Version date: 13 December 2024 - onwards

3: Outsourcing and third-party reporting (paras. 3.1-3.42)

Closed
13 March 2025

3.1 In this Chapter, the PRA is proposing to:

- expand the scope of existing third-party arrangements data collections to cover both material outsourcing and non-outsourcing ('material third-party') arrangements;

- require firms to submit material third-party Notifications in a standardised format, using a template which is aligned with the Register; and

- require firms to maintain and submit a Register to the PRA, ensuring this is up to date at least annually.

3.2 The proposals in this Chapter would result in subsequent changes to:

- The Glossary;

- The Notifications Part of the PRA Rulebook;

- The Regulatory Reporting Part of the PRA Rulebook; and

- Chapters 4 and 5 of SS2/21 - Outsourcing and third-party risk management.

3.3 Firms are becoming increasingly reliant on third-party arrangements, both outsourcing and non-outsourcing, to support their operations. This reliance on third-party service providers brings potential benefits and opportunities for the sector but could also pose risks to the safety and soundness of firms, policyholder protection or the financial stability of the UK. To better identify and address these risks, the regulators and the industry have highlighted the importance of collecting effective data on the use of material third-party arrangements.
Material third parties (paras. 3.6-3.10)
Notifications (paras. 3.11-3.21)
Register (paras. 3.22-3.27)
Information to be submitted to the PRA (paras. 3.28-3.42)
PreviousNext