All briefings

UK Regulatory Brief

Week of 16 March 2026

6 regulatory updates covered · Generated by Regulatte AI

Executive Summary

This week's regulatory activity was dominated by the PRA and Bank of England publishing new rules and guidance on operational resilience, incident reporting, and third-party risk management, primarily targeted at financial market infrastructures such as central counterparties, payment system operators, and central securities depositories. A senior Bank of England official also signalled a forthcoming review of the liquidity framework for banks and building societies, which could have material implications for how firms manage and report their liquid asset buffers. While several updates are directly aimed at financial market infrastructures rather than mainstream authorised firms, the direction of travel on outsourcing oversight and operational resilience is relevant to all boards.

i

This is a generic brief

It covers all 7 regulatory bodies but isn't filtered to your specific NED role, firm type, or priorities. A personalised Regulatte brief surfaces only the developments that are directly relevant to you - and tells you exactly what to do about them.

Request personalised access →

Board Level: Requires Attention

1

Third-party and outsourcing risk: assessing alignment with the PRA's updated expectations

The PRA has published multiple updated supervisory statements this week making clear that rigorous oversight of outsourced and third-party arrangements is a regulatory priority across the financial system. Although the immediate rules target market infrastructures, the underlying expectations on due diligence, concentration risk, sub-outsourcing, and exit planning are consistent with what the PRA expects of all authorised firms, and enforcement attention on this area is increasing.

Source
2

Operational incident reporting: ensuring the firm's escalation and notification processes are fit for purpose

The new PRA incident reporting framework for market infrastructures sets a clear precedent for rapid, structured regulatory notification when operational disruptions occur. Boards are accountable for ensuring their firm's own incident escalation procedures meet regulatory expectations, and any gap between actual practice and the regulator's expectations creates both supervisory and reputational risk.

Source

Key Developments

PRA

New PRA rules on operational incident reporting for financial market infrastructures

The PRA has finalised requirements for financial market infrastructures to report operational incidents and outsourcing arrangements, raising the bar on how quickly and comprehensively firms must notify the regulator of disruptions. Although the immediate rules target market infrastructures, the framework signals the PRA's intent to tighten incident reporting standards more broadly, and boards of authorised firms should expect similar expectations to follow.

Read more
PRA

Updated outsourcing and third-party risk standards for central counterparties

The PRA has updated its supervisory statement on outsourcing and third-party risk management for central counterparties, clarifying expectations on due diligence, concentration risk, and exit planning. Boards of firms that rely on or interact with central counterparties should be aware that their counterparties now face stricter oversight, which may affect service terms, resilience obligations, and contractual requirements flowing down the supply chain.

Read more
PRA

Updated outsourcing standards for payment system operators and specified service providers

The PRA has refreshed its guidance on third-party risk for recognised payment system operators and their specified service providers, reinforcing expectations around sub-outsourcing controls and business continuity. Firms that use payment systems as critical infrastructure should review whether their own third-party arrangements remain aligned with the tightening regulatory baseline.

Read more

2 more developments in your personalised brief

Your brief also filters these to the ones that matter for your specific NED role and firm.

Get access

Watch List

  • Monitor the Bank of England for further consultation on modernising the liquidity framework for banks and building societies: changes to liquid asset buffer requirements or reporting obligations could require significant balance sheet and treasury planning.
  • Track whether the PRA extends its updated operational incident reporting and outsourcing supervisory statements beyond market infrastructures to mainstream authorised firms, which would create new compliance obligations and board reporting requirements.
  • Review any consultation response deadlines attached to the PRA's policy statement on operational resilience for financial market infrastructures, as these may invite industry comment that the firm's risk or compliance team should consider contributing to.
  • Watch for FCA publications on operational resilience following the March 2025 deadline: the regulator may now begin supervisory reviews of firms' implementation, and enforcement action against firms with weak resilience frameworks is a growing risk.

Generated by Regulatte AI · Always verify with source material before acting

Get a personalised brief every week

Regulatte AI tailors your brief to your NED role, firm type, and background.

Request early access

Or browse all free briefings

UK Regulatory Brief: Week of 16 March 2026 | Regulatte