MAS Sets Out Good Practices on Third-Party Risk Management
The Monetary Authority of Singapore (MAS) published an information paper that sets out good practices on third-party risk management by banks. The paper has been published post the thematic inspections of MAS on the operational risk management standards and practices of selected banks over 2020 and 2021, with a focus on third-party risk management.
The information paper sets out the supervisory expectations, good practices, improvement areas, and case examples observed from the thematic inspections on third-party and operational risk management governance and control framework. MAS observed that the banks have generally established frameworks and processes to provide oversight of operational risk, but implementation effectiveness could be improved. There should be better articulation of key operational risk issues and trends, at both the bank-wide and key business unit levels, to identify emerging risks and determine if additional controls were necessary. With regard to the third-party risk management, MAS observed that banks generally have more established frameworks and processes to manage outsourcing arrangements compared to non-outsourcing arrangements; however, some banks fell short of expectations in management oversight and risk reporting of outsourcing activities as well as on due diligence and ongoing monitoring processes. MAS notes that banks that were still in the early stage of setting up a third-party governance structure largely managed their non-outsourcing arrangements in a decentralized manner through the respective business units, instead of subjecting them to the consolidated oversight of a management committee.
The good practices, as mentioned in the paper, on third-party risk management include cultivating staff competencies in operational risk management, raising risk awareness through the rollout of comprehensive accreditation programs, leveraging technology by implementing bank-wide systems and tools, focusing on emerging risks, including third party and cyber risks, and managing operational risk through a wider lens of non-financial risks such as the reputational and conduct risks. All banks are expected to benchmark their practices against this paper and take steps to address gaps, if any, in a risk-appropriate manner. The design of their controls would consider their specific organizational structures, business models, scale of operations, and risk profiles. The inspected banks have taken, or are taking, remedial actions to improve their frameworks and processes. The good practices highlighted should be referenced by all financial institutions given that they are exposed to similar risks. Non-bank financial institutions are encouraged to adopt the recommended practices where relevant and appropriate to the materiality of the risks posed by their third-party arrangements.
Keywords: Asia Pacific, Singapore, Banking, Operational Risk, Third Party Risk, Regtech, Cyber Risk, Outsourcing Risk, MAS
Previous Article
BCBS Focuses on Real Estate and Leveraged Lending RisksRelated Articles
UK Authorities Consult on Implementation of Basel 3.1 Standards
The UK authorities have published consultations with respect to the Basel requirements for banks. The Prudential Regulation Authority (PRA) published the consultation paper CP16/22 on rules for the implementation of Basel 3.1 standards.
ESAs Issue Multiple Regulatory Updates for Financial Sector Entities
The three European Supervisory Authorities (ESAs) issued a letter to inform about delay in the Sustainable Finance Disclosure Regulation (SFDR) mandate, along with a Call for Evidence on greenwashing practices.
FSB and NGFS Publish Initial Findings from Climate Scenario Analyses
The Financial Stability Board (FSB) and the Network for Greening the Financial System (NGFS) published a joint report that outlines the initial findings from climate scenario analyses undertaken by financial authorities to assess climate-related financial risks.
FSB Issues Reports on NBFI and Liquidity in Government Bonds
The Financial Stability Board (FSB) published a letter intended for the G20 leaders, highlighting the work that it will undertake under the Indian G20 Presidency in 2023 to strengthen resilience of the financial system.
ISSB Makes Announcements at COP27; IASB to Propose IFRS 9 Amendments
The International Sustainability Standards Board (ISSB) of the IFRS Foundations made several announcements at COP27 and with respect to its work on the sustainability standards.
IOSCO Prioritizes Green Disclosures, Greenwashing, and Carbon Markets
The International Organization for Securities Commissions (IOSCO), at COP27, outlined the regulatory priorities for sustainability disclosures, mitigation of greenwashing, and promotion of integrity in carbon markets.
EBA Finalizes Methodology for Stress Tests, Issues Other Updates
The European Banking Authority (EBA) issued a statement in the context of COP27, clarified the operationalization of intermediate EU parent undertakings (IPUs) of third-country groups
EU Finalizes Rules Under Crowdfunding Service Providers Regulation
The European Union has finalized and published, in the Official Journal of the European Union, a set of 13 Delegated and Implementing Regulations applicable to the European crowdfunding service providers.
OSFI Sets Out Work Priorities and Reporting Updates for Banks
The Office of the Superintendent of Financial Institutions (OSFI) published an annual report on its activities, a report on forward-looking work.
APRA Finalizes Changes to Capital Framework, Issues Other Updates
The Australian Prudential Regulation Authority (APRA) finalized amendments to the capital framework, announced a review of the prudential framework for groups.
