Skip to navigation Skip to main content Skip to footer

Guide to complying with Prudential Regulation Authority SS2/21

Guide | 3 pages

Practical guidance for complying with PRA SS2/21 outsourcing and third party risk management requirements

Inside the guide:

  • PRA SS2/21 Regulatory Overview: A clear breakdown of the Bank of England’s expectations for third-party risk.
  • Materiality & Risk Assessments: How to identify 'critical or important' services and conduct vendor due diligence.
  • Resilient Contractual Frameworks: Strategies to strengthen third-party agreements and software supply chain security.
  • Stressed Exit Planning: Expert guidance on documenting and testing plans to prevent total operational lockout.
  • The Role of Software Escrow: Why the PRA advises firms to 'actively consider' escrow for long-term resilience.

Download the guide to learn more about the PRA SS2/21 requirements and how to ensure compliance.

 

💡 Download the PRA SS2/21 Compliance Guide

 

By submitting this form you consent to receive correspondence from Escode. We will not sell your personal information. You can unsubscribe at any time. Privacy Policy.

 

Assessing Your Firm’s Compliance with SS2/21

The Prudential Regulation Authority requires firms to demonstrate that their outsourcing and third-party risk management is operationally resilient. Under the current supervisory statement, firms must be able to evidence:

Documented Materiality

A clear methodology for identifying "critical or important" business services.

Identify critical services

Viable Stressed Exit Plans

Evidence that stressed exit strategies have been tested and are executable without vendor assistance.

Validate exit strategies

Access to Proprietary Assets

Guaranteed legal and technical access to source code and data in the event of vendor insolvency.

Secure technical access rights

Business Continuity Proof

Independent verification that the software supporting important business services can be recovered within your RTO.

Verify recovery objectives

Regulatory alignment shouldn't be a manual burden

Our SS2/21 Compliance Framework simplifies the transition from theory to auditable resilience. Use our structured methodology to categorise your material outsourcing and define technically viable stressed exit plans for your most critical business services.

Download the PRA Compliance Framework
Escode PRA SS221 Compliance Guide (1)

From Compliance Gap to Operational Resilience

Identifying your material risks is only the initial phase of SS2/21 alignment. For 'critical or important' business services, Software Escrow provides the definitive technical safety net.

By securing a verified deposit of your vendor’s source code and critical material in a neutral repository, Escode ensures your firm retains the legal and technical capability to maintain operations should a third party fail.

✓ Evidence Regulatory Compliance: Directly satisfy PRA SS2/21 expectations for 'active consideration' of escrow in stressed exit planning.
Validate Stressed Exit Plans: Move beyond contractual clauses to a 'Plan B' that is technically verified and executable under stress.
Mitigate Concentration Risk: Protect your most critical business services from the systemic impact of unplanned vendor insolvency.


 

Expert Support for Your SS2/21 Strategy

Navigating the complexities of third-party risk management requires more than a guide. Our specialists can facilitate a comprehensive Gap Analysis of your material outsourcing, providing expert recommendations to ensure your stressed exit planning meets the Bank of England’s resilience standards.


 

Skip to navigation Skip to main content Skip to footer