What Is Critical Third Party?
Critical Third Party is a provider whose services are so important to many regulated firms that its failure could threaten financial stability, attracting direct regulatory oversight of the provider itself rather than only its customers.
Critical Third Party — a provider whose services are so important to many regulated firms that its failure could threaten financial stability, attracting direct regulatory oversight of the provider itself rather than only its customers.
Cloud and, increasingly, AI providers concentrate risk: when many banks and insurers rely on the same few platforms, a single outage becomes a system-wide event. The UK created a Critical Third Party regime under the Financial Services and Markets Act 2023, letting regulators oversee these providers directly, and other jurisdictions are weighing similar tools. It is the macro counterpart to firm-level concentration risk.
Source: UK Financial Services and Markets Act 2023; Bank of England / PRA / FCA Critical Third Parties regime
Plain-language explanation
Cloud and, increasingly, AI providers concentrate risk: when many banks and insurers rely on the same few platforms, a single outage becomes a system-wide event. The UK created a Critical Third Party regime under the Financial Services and Markets Act 2023, letting regulators oversee these providers directly, and other jurisdictions are weighing similar tools. It is the macro counterpart to firm-level concentration risk.
Related terms
See where you stand on AI governance
Take the free 7-question maturity assessment and get a personalised action plan.
Free assessment — 3 minutes →