In case you haven't been reading the recent notes from the Bank of England's Financial Policy Committee, a very important nugget is included in their October papers... very important for technology providers to financial institutions, that is. 

The Committee notes that critical suppliers such as cloud service providers can bring benefits, but can also bring concentration risk, and these firms are outside the direct regulatory grip of the PRA and FCA. It looks like that grip is going to extend, to include resilience standards and testing. There will be consultation first in 2022, but the direction of travel looks clear - providers of critical infrastructure to regulated firms are going to come more directly under the jurisdiction of the financial regulators.