Prudential Regulation Authority SS2/21

Prudential Regulation Authority (PRA) SS2/21 is a supervisory statement issued by the PRA, a UK financial regulatory body responsible for the prudential regulation and supervision of banks, building societies, credit unions, insurers, and major investment firms.

SS2/21 outlines the PRA's expectations for the management of outsourcing and third-party risk by financial institutions. The statement applies to all UK banks, building societies, PRA-designated investment firms, and insurance firms regulated by the PRA. The key objectives of SS2/21 are to ensure that financial institutions:

• Have appropriate systems and controls in place to manage outsourcing and third-party risks;
• Conduct appropriate due diligence on potential outsourcing providers and third parties;
• Have effective contractual arrangements with outsourcing providers and third parties that ensure the institution's compliance with regulatory requirements and that the provider operates in a manner consistent with the institution's risk management framework;
• Have appropriate contingency plans in place in the event of an outsourcing provider or third-party failure; and
• Have appropriate governance and oversight structures in place to ensure the effective management of outsourcing and third-party risks.