FCA and PRA (UK) - Azure Compliance | Microsoft Docs

FCA and PRA (UK). Article; 02/16/2022; 3 minutes to read; 1 contributor ... Skiptomaincontent Thisbrowserisnolongersupported. UpgradetoMicrosoftEdgetotakeadvantageofthelatestfeatures,securityupdates,andtechnicalsupport. DownloadMicrosoftEdge Moreinfo Tableofcontents Exitfocusmode ReadinEnglish Save Tableofcontents ReadinEnglish Save Edit Twitter LinkedIn Facebook Email Tableofcontents FCAandPRA(UK) Article 02/17/2022 3minutestoread 1contributor Isthispagehelpful? Yes No Anyadditionalfeedback? FeedbackwillbesenttoMicrosoft:Bypressingthesubmitbutton,yourfeedbackwillbeusedtoimproveMicrosoftproductsandservices.Privacypolicy. Submit Thankyou. Inthisarticle FCAandPRAoverview ThePrudentialRegulationAuthority(PRA)isresponsiblefortheprudentialsupervisionofaround1,500financialinstitutions,includingbanks,insurancecompanies,buildingsocieties,creditunions,andcertainlargeinvestmentfirms.Asaprudentialregulator,thePRAhasageneralobjectivetopromotethefinancialsoundnessofthefirmsitregulates. TheFinancialConductAuthority(FCA)hasresponsibilityforbusinesssupervisionofallfinancialservicesfirms,whichincludesnearly60,000businesses.TheFCAhasprudentialsupervisionfor49,000firmsandisalsoresponsibleforsupervisingoutsourcingarrangementsestablishedbyfirmsnotsupervisedbythePRA. InJuly2016,theFCApublishedtheFG16/5Guidanceforfirmsoutsourcingtothecloudandotherthird-partyITservicesintendedtohelpfirmsauthorizedundertheFinancialServicesandMarketsAct2000(FSMA)overseeallaspectsoftheiroutsourcingarrangements.Thisguidancewassubsequentlyupdatedtotakeaccountofmorerecentregulatorydevelopments,suchastheimplementationoftheEuropeanBankingAuthority(EBA)Guidelinesonoutsourcingarrangements(EBA/GL/2019/02)whichwasenactedinSeptember2019.ThecurrentversionoftheFCAguidancewaspublishedinSeptember2019followingthisdevelopment. InDecember2019,thePRApublishedaconsultationpaperCP30/19Outsourcingandthird-partyriskmanagement,whichtakesintoaccountboththeEBAGuidelinesonoutsourcingarrangementsandtheEuropeanInsuranceandOccupationalPensionsAuthority(EIOPA)Guidelinesonoutsourcingtocloudserviceproviders.InMarch2021,thePRApublishedapolicystatementPS7/21Outsourcingandthird-partyriskmanagementthatprovidesfeedbacktoCP30/19responsesandcontainsthePRA'sfinalSupervisoryStatementSS2/21Outsourcingandthird-partyriskmanagement. Note SupervisoryStatementSS2/21setsoutthePRA'sexpectationsofhowPRA-regulatedfirmsshouldcomplywithregulatoryrequirementsandexpectationsrelatingtooutsourcingandthird-partyriskmanagement.FirmswillbeexpectedtocomplywiththeexpectationsinSS2/21by31March2022. Formoreinformation,seethePRA'sOutsourcingandthird-partyriskmanagementdocumentation. ThereareadditionalrequirementsandguidelinesthatfinancialinstitutionsintheUnitedKingdomshouldbeawareofwhenmovingtothecloud,includingtheFSMA,SeniorManagementArrangements,Systems,andControlsSourcebook(SYSC)intheFCAHandbook,theEuropeanBankingAuthority(EBA)FinalReportonRecommendationsonOutsourcingtoCloudServiceProvidersEBA/REC/2017/03,andothers. ToassistUKfinancialservicesfirmsregulatedbytheFCAandPRAwithcloudadoption,MicrosofthaspublishedseveraldocumentsdescribedinGuidancedocuments. Servicesinscope MicrosoftonlineservicesdiscussedinourFCAandPRArelatedguidancedocumentsinclude: Azure Dynamics365 Microsoft365 MicrosoftIntune Guidancedocuments MicrosoftguidancedocumentsrelevantforfinancialservicescustomersintheUKcanbedownloadedfromtheServiceTrustPortalDataProtectionResources-ComplianceGuidessection: MicrosoftCloud-EnablingCompliance-Microsoft'sapproachtotheupdatedFCAcloudguidance MicrosoftCloud-ChecklistforFinancialInstitutionsintheUK MicrosoftCloud-NavigatingyourwaytothecloudintheUK AlsoavailablefromtheServiceTrustPortalDataProtectionResources-FAQandWhitePaperssectionisthefollowingFCA-relevantguidance: RiskAssessmentandComplianceGuideforFinancialInstitutionsintheMicrosoftCloud Resources Azurecompliancedocumentation Azureenablesaworldofcompliance Microsoft365complianceofferings ComplianceontheMicrosoftTrustCenter FinancialConductAuthority(FCA) FCAHandbook SeniorManagementArrangements,Systems,andControlsSourcebook(SYSC)intheFCAHandbook SYSC8Outsourcing FCAFG16/5Guidanceforfirmsoutsourcingtothecloudandotherthird-partyITservices PrudentialRegulationAuthority(PRA) PRAOutsourcingandthird-partyriskmanagement EuropeanBankingAuthority(EBA) EBAGuidelinesonoutsourcingarrangements(EBA/GL/2019/02) MicrosoftCloudfinancialservicesresources MicrosoftCloudfinancialservicescomplianceprogram FinancialServicesindustryusecases Inthisarticle