Critical Third Parties (CTP) Framework - Regulatory Compliance & Risk Mitigation

Introduction

The UK regulators are increasingly focused on third-party and concentration risk, reflecting concerns about systemic reliance on a small number of critical service providers.

The introduction of the Critical Third Parties (CTP) framework and heightened expectations under PRA CP26/23 and FCA DP3/22 mean firms must now be able to demonstrate robust oversight, credible contingency strategies, and proportionate exit planning.

This course provides a practical, hands-on exploration of how to identify, assess, and mitigate third-party and concentration risks across your organisation. Attendees will work through realistic mapping and testing exercises, review sample exit playbooks, and learn how to produce regulator-ready attestations and governance artefacts.

Attendees of this session can expect to walk away with sample third-party mapping template and concentration risk matrix; example exit and contingency playbook and attestation format; implementation checklist for aligning frameworks to FCA/PRA expectations; and a summary of emerging supervisory focus areas for 2026.

What You Will Learn

This course will cover the following:

• Understand the regulatory framework governing Critical Third Parties and concentration risk in the UK
• Map and assess third-party dependencies for important business services
• Identify and evaluate concentration risks across providers, regions, and service lines
• Design and test exit and contingency plans aligned to FCA/PRA expectation
• Develop proportionate exit playbooks and attestations that evidence board oversight and resilience testing
• Gain access to templates and practical tools to strengthen third-party governance