Featured Product

    BCBS Sets Out Findings on Outsourcing and Concentration Risk Practices

    March 30, 2022

    In a recent statement, the Basel Committee on Banking Supervision, or BCBS, summarized findings of the outreach sessions with private-sector participants and supervisors from various jurisdictions with respect to the practices for third- and fourth-party risk management and concentration risk.

    The outreach sessions were aimed to assess the status of better established practices related to third-party risk management and to exchange views regarding evolving practices related to fourth-party risk management and concentration risk. The outreach sessions confirmed the importance of banks implementing the practices set out in the Principles for Operational Resilience (POR) and the revised Principles for the Sound Management of Operational Risk (PSMOR). Among other matters discussed, banks and supervisors noted the following: 

    • Primary gaps related to firms' third-party risk management include a lack of clarity regarding respective bank and service provider responsibilities, insufficient monitoring of critical fourth parties, inadequate challenge or oversight from second lines of defense, and a lack of developed and tested business continuity plans.
    • Banks and supervisors are concerned that a lack of complete supply chain transparency may increase operational risk. Risk-management efforts are focused on immediate suppliers, though key risks stemming from outsourcing arrangements may be driven by suppliers further down the supply chain.
    • While several banks maintain formal exit strategies with respect to critical suppliers, they often lack sufficient detail and testing and identifying the appropriate stage to execute a strategy can be unclear.
    • There are a range of tools for managing operational disruptions, such as the substitutability of a third-party service provider and contracting for enhanced resilience options or service levels offered by service providers. Exit strategies designed to guide transitions that occur over longer time periods may not be as useful as other tools for curing operational disruptions.

    Consistent with the POR and revised PSMOR, outreach participants indicated that the third- and fourth-party risk management arrangements of banks should reflect strong governance and the integration of risk management in their due diligence processes. Participants noted that when using industry-wide consortia to support their risk assessment and due diligence efforts, banks should not outsource their risk management responsibilities. Participants further observed that appropriate business continuity and contingency planning procedures and exit strategies support banks' operational resilience in the event of a failure or disruption at a third party that would impact the provision of critical operations. As a related matter, it was agreed that banks' business continuity plans should assess the substitutability of third parties that provide services to a bank's critical operations and other viable alternatives that may facilitate operational resilience in the event of an outage at a third party, such as bringing the service back in-house. With respect to concentration risk, participants noted that banks should collaborate with service providers in planning for potential failures and developing appropriate options. The Committee will continue to carefully monitor banks' third- and fourth-party risk management and concentration risk-related arrangements as well as potential systemic risks arising from the concentration of services provided by specific entities.


    Related Link: Press Release


    Keywords: International, Banking, Operational Risk, Operational Resilience, POR, PSMOR, Systemic Risk, Third-Party Risk, Outsourcing Risk, Cloud Service Providers, Business Continuity, BCBS

    Featured Experts
    Related Articles

    CFPB Finalizes Rule on Small Business Lending Data Collection

    The Consumer Financial Protection Bureau (CFPB) published a final rule that sets out data collection requirements on small business lending, under section 1071 of the Dodd-Frank Act.

    March 30, 2023 WebPage Regulatory News

    BCBS to Consult on Pillar 3 Climate Risk Disclosures by End of 2023

    The Bank for International Settlements (BIS) published a summary of the recent Basel Committee (BCBS) meetings.

    March 23, 2023 WebPage Regulatory News

    FINMA Approves Merger of Credit Suisse and UBS

    The Swiss Financial Market Supervisory Authority (FINMA) has approved the takeover of Credit Suisse by UBS.

    March 21, 2023 WebPage Regulatory News

    BOE Sets Out Its Thinking on Regulatory Capital and Climate Risks

    The Bank of England (BOE) published a working paper that aims to understand the climate-related disclosures of UK financial institutions.

    March 13, 2023 WebPage Regulatory News

    US Congress Report Examines Data Privacy and Cybersecurity Regulations

    The U.S. Congressional Research Service published a report on banking, data privacy, and cybersecurity regulation.

    March 13, 2023 WebPage Regulatory News

    OSFI Finalizes on Climate Risk Guideline, Issues Other Updates

    The Office of the Superintendent of Financial Institutions (OSFI) is seeking comments, until May 31, 2023, on the draft guideline on culture and behavior risk, with final guideline expected by the end of 2023.

    March 12, 2023 WebPage Regulatory News

    EU to Conduct One-Off Scenario Analysis to Assess Transition Risk

    The European authorities recently made multiple announcements that impact the banking sector.

    March 10, 2023 WebPage Regulatory News

    APRA Assesses Macro-Prudential Policy Settings, Issues Other Updates

    The Australian Prudential Regulation Authority (APRA) published an information paper that assesses its macro-prudential policy settings aimed at promoting stability at a systemic level.

    March 07, 2023 WebPage Regulatory News

    BIS Paper Examines Impact of Greenhouse Gas Emissions on Lending

    BIS issued a paper that investigates the effect of the greenhouse gas, or GHG, emissions of firms on bank loans using bank–firm matched data of Japanese listed firms from 2006 to 2018.

    March 03, 2023 WebPage Regulatory News

    HMT Mulls Alignment of Ring-Fencing and Resolution Regimes for Banks

    The HM Treasury (HMT) is seeking evidence, until May 07, 2023, on practicalities of aligning the ring-fencing and the banking resolution regimes for banks.

    March 02, 2023 WebPage Regulatory News
    RESULTS 1 - 10 OF 8810