London Partner Nathaniel Lalone, Financial Markets and Funds, was quoted by Compliance Week in its e-book, Tackling Third Party Risk In A Global World, in an article titled "TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025." The article discusses new regulations in the United Kingdom that require information technology (IT) firms, notably those providing critical services to the financial sector, to share more data about cyberattacks and resilience measures. These duties, which were set by the Financial Conduct Authority (FCA), Bank of England and Prudential Regulation Authority, aim to ensure that cyber threats are identified and mitigated. Firms will also be required to conduct resilience testing and scenario-based exercises, "which could involve collaborating with financial services firms, payment systems, and other financial market infrastructures (FMIs)," Compliance Week reported.
The regulations align with international standards such as the EU Digital Operational Resilience Act (DORA). Despite the safeguarding benefits, industry leaders caution that financial services firms must continue their own due diligence rather than relying solely on regulatory oversight. Nathaniel expressed support for the UK approach, describing it as "a measured, principles-based response that will balance the need for greater oversight of vendor relationships without massively interfering in private contractual relationships."
"TPRM critical as DORA, new FCA third-party engagement rules come into effect in 2025," *Compliance Week, March 21, 2025
*Subscription may be required for article access.
London
