www.bankingriskandregulation.com
Open in
urlscan Pro
2a04:4e42:400::558
Public Scan
Submitted URL: https://cdn.ftspecialist.exponea.com/banking1/e/.eJwTUtig2qB5MPz_Nt2GS8yN81mPb39_ZIFt8HH9kts7T5dKytVKBWaUlBQUW-nrl5eX6yUl5mVn5qUXZRZn...
Effective URL: https://www.bankingriskandregulation.com/fsb-toolkit-to-tackle-outsourcing-risks/?xnpe_tifc=hke.x._jOfbjhInXxFLu4ypsafeWaeiWhFW_hfUXbfpWt...
Submission: On July 04 via api from IN — Scanned from DE
Effective URL: https://www.bankingriskandregulation.com/fsb-toolkit-to-tackle-outsourcing-risks/?xnpe_tifc=hke.x._jOfbjhInXxFLu4ypsafeWaeiWhFW_hfUXbfpWt...
Submission: On July 04 via api from IN — Scanned from DE
Form analysis 2 forms found in the DOM
GET https://www.bankingriskandregulation.com
<form class="site-header__form" role="search" method="get" action="https://www.bankingriskandregulation.com">
<label class="sr-only" for="search-main">Search</label>
<input type="text" value="" name="s" id="search-main" placeholder="Search" required="">
<button type="submit">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.694 19.697">
<path
d="m19.426 17.029-3.835-3.835a.923.923 0 0 0-.654-.269h-.627a8 8 0 1 0-1.385 1.385v.627a.923.923 0 0 0 .269.654l3.835 3.835a.919.919 0 0 0 1.3 0l1.089-1.089a.928.928 0 0 0 .008-1.308ZM8 12.925A4.924 4.924 0 1 1 12.925 8 4.921 4.921 0 0 1 8 12.925Z">
</path>
</svg>
<span class="sr-only">Submit search</span>
</button>
</form>GET https://www.bankingriskandregulation.com
<form class="site-header__form" role="search" method="get" action="https://www.bankingriskandregulation.com">
<label class="sr-only" for="search-main">Search</label>
<input type="text" value="" name="s" id="search-main" placeholder="Search" required="">
<button type="submit">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.694 19.697">
<path
d="m19.426 17.029-3.835-3.835a.923.923 0 0 0-.654-.269h-.627a8 8 0 1 0-1.385 1.385v.627a.923.923 0 0 0 .269.654l3.835 3.835a.919.919 0 0 0 1.3 0l1.089-1.089a.928.928 0 0 0 .008-1.308ZM8 12.925A4.924 4.924 0 1 1 12.925 8 4.921 4.921 0 0 1 8 12.925Z">
</path>
</svg>
<span class="sr-only">Submit search</span>
</button>
</form>Text Content
Cookies on FT sites
We use cookies for a number of reasons, such as keeping FT Sites reliable and
secure, personalising content and ads, providing social media features and to
analyse how our Sites are used.
Cookie Policy
Functional Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose
of enabling the use of a specific service explicitly requested by the subscriber
or user, or for the sole purpose of carrying out the transmission of a
communication over an electronic communications network.
Preferences Preferences
The technical storage or access is necessary for the legitimate purpose of
storing preferences that are not requested by the subscriber or user.
Statistics Statistics
The technical storage or access that is used exclusively for statistical
purposes. The technical storage or access that is used exclusively for anonymous
statistical purposes. Without a subpoena, voluntary compliance on the part of
your Internet Service Provider, or additional records from a third party,
information stored or retrieved for this purpose alone cannot usually be used to
identify you.
Marketing Marketing
The technical storage or access is required to create user profiles to send
advertising, or to track the user on a website or across several websites for
similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
Accept and continue Dismiss Preferences Save preferences Preferences
Cookie Policy {title} {title}
Cookies on FT sites
We use cookies to optimize our website and our service.
Functional Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose
of enabling the use of a specific service explicitly requested by the subscriber
or user, or for the sole purpose of carrying out the transmission of a
communication over an electronic communications network.
Preferences Preferences
The technical storage or access is necessary for the legitimate purpose of
storing preferences that are not requested by the subscriber or user.
Statistics Statistics
The technical storage or access that is used exclusively for statistical
purposes. The technical storage or access that is used exclusively for anonymous
statistical purposes. Without a subpoena, voluntary compliance on the part of
your Internet Service Provider, or additional records from a third party,
information stored or retrieved for this purpose alone cannot usually be used to
identify you.
Marketing Marketing
The technical storage or access is required to create user profiles to send
advertising, or to track the user on a website or across several websites for
similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
Accept Dismiss Preferences Save preferences Preferences
{title} {title} {title}
Toggle Navigation
BUILDING RESILIENT BANKING
Newsletter sign-up
Toggle Search
* Home
* Climate
* Digital & Resilience
* Digital Transformation
* Operational Resilience
* Crypto
* CBDCs
* Financial Stability
* Regulation & Supervision
* Shadow Banking
* Governance
* Culture & Conduct
* Governance & Reporting
* Markets
* Prudential
* Capital
* Recovery & Resolution
* Stress Testing
* Risk Management
Search Submit search
Search Submit search
Analysis, Digital & Resilience
FSB TOOLKIT TO TACKLE OUTSOURCING RISKS
Blake Evans-Pritchard
July 4, 2023
Image: Getty Images
SLOPPY THIRD PARTY SERVICE PROVIDERS ARE COSTING BANKS MILLIONS IN MESSY
SLIP-UPS AND REGULATORY FINES. CAN THE FINANCIAL STABILITY BOARD’S (FSB) NEW
TOOLKIT HELP MITIGATE THE RISK OF OUTSOURCING?
Banks are outsourcing record amounts of work to third party service providers,
but there is a catch. If the provider messes up, the bank is still on the hook.
In June, JPMorgan had to pay the US Securities and Exchange Commission (SEC) $4m
for accidentally deleting millions of emails, despite assurance from a
third-party vendor that these emails could not be deleted.
TSB Bank was hit with a £48.65m fine last year by the UK’s Financial Conduct
Authority for IT failures, which included not “explicitly address[ing] risks
arising from its outsourcing arrangements”. Outsourcing is fast becoming a
growing risk for banks.
REGULATORS INTRODUCE NEW RULES
The UK’s Prudential Regulation Authority (PRA), the European Banking Authority
(EBA), various agencies in the US and the Monetary Authority of Singapore have
introduced new rules to tackle this persistent problem. Now the FSB is weighing
in with a consultation for a new toolkit for financial institutions and
regulators alike.
Matt Smith, chief executive officer of SteelEye, a trade and communications
surveillance platform, says: “The FSB’s job is to make sure that there’s
stability in the markets and that firms are doing the things that they need to
be doing to ensure stability is there. The growth of software-as-a-service
changes how we as an industry behave, and regulators need to consider what the
future will look like.”
> FSB toolkit: main factors to consider when outsourcing
>
> • Criticality of the services being outsourced
> • Onboarding of third party service providers with robust due diligence
> • Strong and enforceable third party contracts
> • Best-in-class tools, such as internationally recognised certifications and
> audit or testing reports
> • Monitoring and oversight of third party service providers
> • Robust business continuity plans and stress exit strategies
FSB ENCOURAGES UNIFORMITY ON OUTSOURCING RULES
Many of these ideas have already been floated in one form or another by national
regulators. The FSB is trying to inject some uniformity into how these rules are
applied, say experts.
Rohit Nag, who leads KPMG UK’s third party risk management service for financial
services, explains: “There are some jurisdictions where a number of large third
party service providers operate from countries with a very different regulatory
landscape to the businesses’ home country.”
The consultation raises the question of what should be classified as a critical
service and what should be thought of as a less-essential support function, says
Luke Scanlon, head of fintech propositions at law firm Pinsent Masons.
Scanlon says: “The more that regulators can address this issue, the easier it
becomes for banks to implement a process to say: ‘for all our critical services
we need to do this and this, and for our other services we need to do something
else’.
“Unfortunately there’s still a lot of fragmentation and misalignment around
this, so it becomes difficult for [cross-border] institutions to follow the
different rule sets and see where the alignment is.”
The FSB shines a light on how it interprets some of the guidelines that
regulators are already applying. Scanlon explains: “Regulators are saying
similar things around business continuity access. If the FSB is saying something
that’s complementary… it’s possible that the regulatory discussions within
[individual] jurisdictions will start taking on the same language.”
WILL THE FSB TOOLKIT MAKE MUCH DIFFERENCE?
Banks already have to contend with the requirements of their home regulator. The
success of the FSB’s toolkit depends on the willingness of national regulators
to embrace the FSB’s spirit of co-operation. The history of financial markets is
littered with examples of regulatory fragmentation.
The Basel framework on banking supervision is a case in point and, despite the
FSB’s best efforts, it proved extraordinarily tricky to get everyone on the same
page. Regulating risks from third parties may be no different.
“It’s probably a step too far to say that the national regulators wouldn’t
endorse the [FSB] toolkit, but what they might do is build their own toolkit on
the back of [these recommendations],” says Scanlon. “If there are nuanced
differences it will be up to the regulators to explain what they are to the
market.”
What do you think of the FSB’s toolkit? Email fsb@fsb.org by August 22, 2023
with the subject line “Third-Party Risk Management and Oversight”.
READ NEXT:
Digital & Resilience, Operational Resilience
January 16, 2023
BANKS PROBE DEEPER INTO THEIR SUPPLY CHAINS TO KEEP REGULATORS ONSIDE
Discussions around operational risk are rippling further down bank supply chains
due to regulators taking more interest in resilience as digitisation gains
momentum. However, there are concerns that not enough... Read more
Read more
SIMILAR ARTICLES
Analysis, Culture & Conduct, Governance, Risk Management
July 3, 2023
THREE LINES OF DEFENCE: TIME FOR A REVAMP?
The holy grail of risk management needs to be beefed up, says the Financial
Markets Standards...
Read more
Analysis, Climate, Governance, Governance & Reporting
July 3, 2023
CLIMATE ACTIVIST SHAREHOLDERS SHAKE UP TACTICS
Bank shareholders are diversifying their activism toolbox, amid dwindling
support for radical climate proposals. Climate shareholder...
Read more
Analysis, Operational Resilience
June 29, 2023
QUANTUM COMPUTING: THE RISKS TO PREPARE FOR
A new blueprint gives banks a headstart on how to tackle security in the quantum
computing...
Read more
* About Us
* Get In Touch
* Advertise With Us
* Modern Slavery Statement
* Privacy Policy
* Cookie Policy
* Terms and Conditions
The Financial Times and its journalism are subject to a self – regulation regime
under the FT Editorial Code of Practice: www.ft.com/editorialcode
A service from the Financial Times
Manage consent Manage consent