Skip to content
Insights paper: EU Financial Services Guidance for IT Outsourcing Regulation and Managing Third-Party Risk

News -

Insights paper: EU Financial Services Guidance for IT Outsourcing Regulation and Managing Third-Party Risk

Across the European Union (EU) financial services sector, there has been an increasing tendency to outsource activities to improve efficiency and flexibility and reduce costs. Of all the activities that firms are choosing to outsource IT has become the most prevalent, outsourcing to Cloud service providers has also gained importance (1).

The management body of each financial institution remains responsible for that institution and its activities at all times - European Banking Authority (EBA)

Whilst IT outsourcing can prove to be very beneficial to an organisation, relying on third-parties to provide critical or important functions brings additional risk and a responsibility to properly govern, manage and mitigate the associated risks.

Regulators are understandably concerned over the increasing reliance on third-parties and have proposed tighter rules for financial services firms wanting to outsource functions, with stricter and stronger rules for the outsourcing of essential operations such as IT. Regulators across the EU have made it clear that institutions must maintain responsibility for all outsourced functions and oversee and manage all risks.

To properly manage the risks associated with IT outsourcing and ensure compliance, financial services firms must first understand current EU regulation and then implement robust end-to-end risk management programmes which ensure compliance.

To support EU financial services organisations on their journey to compliance we have compiled the key EU regulations around IT outsourcing, highlighting any specific rules and guidance around business continuity and contingency planning for critical functions. In this paper, you’ll also find NCC Group’s best practice advice and recommended solutions for managing third-party risk and ensuring compliance.

Download the paper here

(1) Consultation on draft Guidelines on outsourcing (EBA/CP/2018/11)



NCC Group Press Office

NCC Group Press Office

Press contact All media enquires relating to NCC Group plc +44 7976234970

Related content

NCC Group exists to make the world safer and more secure

In today’s threat landscape understanding the risks organisations and customers are exposed to is more important than ever.

Understanding the impact and how to be more resilient is key to protecting brand, reputation and sensitive customer information. Building a cyber-resilient organization can be a complex process but it’s not impossible.

With our knowledge, experience and global footprint, we help assess, develop and manage cyber resilience posture.

NCC Group Newsroom
XYZ Building, 2 Hardman Boulevard, Spinningfield
M3 3AQ Manchester
United Kingdom