14
Operational risk and outsourcing
14.1
Third-country branches should refer to the following for detailed rules and guidance when considering operational risk management:[18]
- PRA Rulebook – Fundamental Rules;
- PRA Rulebook Conditions Governing Business;[19]
o Rules 2.2 to 2.6 – General Governance Requirements;[20]
o Chapter 3 – Risk Management;
o Chapter 7 - Outsourcing;[21] - Threshold Conditions: Prudent conduct of business, suitability and effective supervision;
- Supervisory Statement 2/21, ‘Outsourcing and third party risk management’;[22] and
- Supervisory Statement 35/15 ‘Strengthening individual accountability in insurance’ where the third-country branch has found it appropriate to appoint an SMF role holder with prescribed responsibilities in respect of operational risk management.[23]
Footnotes
- 18. In addition to the list above, attention of third-country branches is drawn to Discussion Paper 3/22 ‘Operational resilience: Critical third parties to the UK financial sector’ https://www.bankofengland.co.uk/prudential-regulation/publication/2022/july/operational-resilience-critical-third-parties-uk-financial-sector and any subsequent supervisory statement/s that may arise from this policy work.
- 19. Other Conditions Governing Business rules not mentioned here remain applicable to third country branches – see Third Country Branches 7.1 of the PRA Rulebook.
- 20. Specifically on risk management and outsourcing, continuity and regularity of its activities, contingency plans.
- 21. To be read in conjunction with SS2/21.
- 22. SS2/21 – Outsourcing and third party risk management: www.bankofengland.co.uk/prudential-regulation/publication/2021/march/outsourcing-and-third-party-risk-management-ss.
- 23. SS35/15 – Strengthening individual accountability in insurance: www.bankofengland.co.uk/prudential-regulation/publication/2015/strengthening-individual-accountability-in-insurance-ss.
- 23/05/2024
14.2
This section does not consider the requirements and expectations of the Financial Conduct Authority (FCA). The FCA should be contacted directly to understand their requirements and expectations for operational risk.
- 23/05/2024