The Association for Financial Markets in Europe (AFME) welcomes the joint Prudential Regulatory Authority (PRA) and Financial Conduct Authority (FCA)’s introduction of a more standardised incident reporting framework, but warns that the new regime still risks significantly increasing operational burdens for firms.
Whilst AFME said greater clarity and consistency in the information required during live incidents would support more effective incident management and strengthen the resilience of the financial sector, it notes that the application of the new Incident and Third‑Party Reporting (IREP) framework will place greater operational burden on firms. This is particularly the case given the introduction of “dynamic reporting” which risks creating a system of rolling updates. However, AFME welcomes the merging of PSD2 reporting into the new regime and acknowledges efforts by regulators to align definitions and reduce duplication.
Marcus Corry, Director for Technology & Operations at AFME, said: “We recognise the significant efforts of both authorities to strengthen the UK’s incident reporting framework, and the move toward greater standardisation is a welcome step forward. At the same time, the new regime will introduce substantial operational demands for firms, with a risk that reporting becomes a continuous exercise, particularly for firms subject to enhanced requirements, diverting resources away from managing incidents themselves.”
“We look forward to working closely with the FCA and PRA during the 12‑month implementation period to ensure the reporting model is workable in practice and supports both effective supervision of operational resilience across the sector.”
AFME also supports the establishment of a single portal for submitting incident reports as part of the authorities’ aim to create a more cohesive reporting regime. It is disappointing, however, that firms will still need to maintain parallel internal processes due to the retention of distinct reporting thresholds aligned to each authority’s statutory mandate. By comparison, the EU’s approach under the Digital Operational Resilience Act (DORA) demonstrates that a more unified model is achievable.
AFME looks forward to engaging constructively with the FCA and PRA during the 12‑month implementation period to further refine the regime, taking into account the guidance published today alongside the policy statement.
– Ends –