Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2025-12-01.

CTPS Sch 2 Notification requirements

CTPS Sch 2.1G

1The aim of the guidance in the following table is to give the reader a quick overall view of the relevant notification requirements.

CTPS Sch 2.2G

1It is not a complete statement of those requirements and should not be relied on as if it were.

CTPS Sch 2.3G

1Unless otherwise specified, the notification is to be given to the regulators.

CTPS Sch 2.4G

1Table: Notification requirements

Handbook reference

Matter to be notified

Contents of notification

Trigger event

Time allowed

CTPS 3.2.6R

Any information of which the regulators would reasonably expect notice.

Appropriate disclosure.

Any information of which the regulators would reasonably expect notice.

Appropriate

CTPS 4.2.1R(5) and (6)

Details about central point of contact and changes to those details.

Those details.

The initial notification is made when the critical third party becomes subject to CTPS.

Thereafter, notification is to be given when the details change.

As soon as practicable.

CTPS 5.3.2R

Report of incident management playbook exercise.

That report.

Completion of test.

As soon as practicable.

CTPS 6.1.1R

Interim and annual written self-assessment.

That self-assessment.

Completion of assessment.

For interim written self-assessments - within 3 months of the critical third party being designated by the Treasury.

For annual written self-assessments - annually thereafter.

CTPS 7

Information about risks.

It is to be sent to the firms to which the critical third party supplies systemic third party services.

Sufficient information about risks.

It includes the results of testing and exercising under CTPS 5, the annual self-assessment under CTPS 6.1.1R (redacted as appropriate), and the appropriate maximum tolerable level of disruption set in accordance with CTPS 4.8.1R(2)

Ongoing obligation.

Ongoing obligation.

CTPS 8

Incident reports relating to a CTP operational incident.

Reports should be given to the regulators and affected firms.

Specified details of the CTP operational incident.

The initial incident report is on occurrence.

Thereafter, intermediate incident reports should be given upon any significant change in circumstanc-es from those set out in the initial incident report.

A final incident report should be given on resolution.

Initial incident report: as soon as is practicable. Intermediate incident report(s): as soon as is practicable following a significant change of circumstan-ces.

Final incident report: within reasonable time of resolution.

CTPS 9

Actual or potential circumstances or events that seriously and adversely impact or could seriously and adversely impact the critical third party’s ability to deliver any of its systemic third party services or meet any of its obligations under CTPS, including civil or criminal proceedings, disciplinary measures or sanctions, and insolvency and restructuring proceedings.

Description of event.

Occurrence.

Immediately.

CTPS 10

The critical third party has given a regulator information that is or may be false, misleading, incomplete or inaccurate, or that has or may have changed in a material way.

Details of the matters in column (2), an explanation of how and why such information was provided, and the correct information.

Becoming aware or having information that reasonably suggests that it has or may have provided such information.

Immediately.

CTPS 11

An address in the UK for the service of documents (including relevant documents), and any changes to that information.

The information in column (2).

When the critical third party is designated, and following any change to the information provided.

As soon as practicable.

CTPS 13.5.5R

Cost of skilled person report.

Details of those costs.

When facts arise.

Timely.