CloudSecurity

AWS designated as a critical third party to the UK financial sector


Amazon Web Services EMEA Sarl (AWS) has been designated as a critical third party (CTP) to the UK financial sector by HM Treasury.

The CTP regime came into force on January 1, 2025, and establishes a framework through which the Bank of England, PRA, and FCA (collectively the UK regulators) can set requirements on and have direct oversight of designated CTPs.

AWS supports the objectives of the UK regulators to ensure a robust financial system.

AWS obligations under the regime

The CTP regime is an outcomes-focused framework. Under the regime, AWS will be subject to requirements in relation to its designated Systemic Third-Party Services (STPS). The first step will be a self-assessment of these STPSs against the CTP regime criteria, which AWS will now carry out in line with regulators’ expected timelines.

AWS has actively engaged with the UK authorities as they’ve developed the CTP regime, and we will continue this constructive approach as we work to meet our obligations under it.

Impact on customers

The UK regulators have clarified that the requirements under the regime don’t eliminate, reduce, or replace the accountability of firms, their boards, and senior management for remaining operationally resilient, including when they rely on services provided by third parties.

The regime doesn’t change obligations on financial services customers of designated CTPs. As we manage our obligations, we expect to publish materials that customers can use to inform their own operational resilience planning and third-party risk management.

The AWS commitment to operational resilience

We’re focused on supporting financial services customers in enhancing their operational resilience and providing a range of services and guidance—including the AWS Well-Architected Framework and resources for cloud incident management—to help organizations deliver effective resilience outcomes.

AWS has a team of regulatory and technology experts with expertise in financial services ready to support customers with questions about this regime or operational resilience more broadly. Customers can contact their AWS account team for further information.


Michael Jefferson

Michael is Head of Financial Services Public Policy for EMEA. He leads on policy and engagement for issues relating to adoption and use of cloud and technology across the finance sector. Before joining AWS, he led on capital markets policy at the Investment Association and prior to that at UK Finance. He previously was head of Public Policy EMEA at Nomura and spent the early part of his career as a UK civil servant working on international trade and business issues.



Source link