Prudential Regulation Authority SS2/21
Prudential Regulation Authority (PRA) SS2/21 is a supervisory statement issued by the PRA, a UK financial regulatory body responsible for the prudential regulation and supervision of banks, building societies, credit unions, insurers, and major investment firms.
SS2/21 outlines the PRA's expectations for the management of outsourcing and third-party risk by financial institutions. The statement applies to all UK banks, building societies, PRA-designated investment firms, and insurance firms regulated by the PRA. The key objectives of SS2/21 are to ensure that financial institutions:
- Have appropriate systems and controls in place to manage outsourcing and third-party risks;
- Conduct appropriate due diligence on potential outsourcing providers and third parties;
- Have effective contractual arrangements with outsourcing providers and third parties that ensure the institution's compliance with regulatory requirements and that the provider operates in a manner consistent with the institution's risk management framework;
- Have appropriate contingency plans in place in the event of an outsourcing provider or third-party failure; and
- Have appropriate governance and oversight structures in place to ensure the effective management of outsourcing and third-party risks.