Insights paper: EU Financial Services Guidance for IT Outsourcing Regulation and Managing Third-Party Risk
Across the European Union (EU) financial services sector, there has been an increasing tendency to outsource activities to improve efficiency and flexibility and reduce costs. Of all the activities that firms are choosing to outsource IT has become the most prevalent, outsourcing to Cloud service providers has also gained importance (1).
The management body of each financial institution remains responsible for that institution and its activities at all times - European Banking Authority (EBA)
Whilst IT outsourcing can prove to be very beneficial to an organisation, relying on third-parties to provide critical or important functions brings additional risk and a responsibility to properly govern, manage and mitigate the associated risks.
Regulators are understandably concerned over the increasing reliance on third-parties and have proposed tighter rules for financial services firms wanting to outsource functions, with stricter and stronger rules for the outsourcing of essential operations such as IT. Regulators across the EU have made it clear that institutions must maintain responsibility for all outsourced functions and oversee and manage all risks.
To properly manage the risks associated with IT outsourcing and ensure compliance, financial services firms must first understand current EU regulation and then implement robust end-to-end risk management programmes which ensure compliance.
To support EU financial services organisations on their journey to compliance we have compiled the key EU regulations around IT outsourcing, highlighting any specific rules and guidance around business continuity and contingency planning for critical functions. In this paper, you’ll also find NCC Group’s best practice advice and recommended solutions for managing third-party risk and ensuring compliance.
Download the paper here
(1) Consultation on draft Guidelines on outsourcing (EBA/CP/2018/11)
About NCC Group
NCC Group exists to make the world safer and more secure.
As global experts in cyber security and risk mitigation, NCC Group is trusted by over 15,000 clients worldwide to protect their most critical assets from the ever-changing threat landscape.
With the company’s knowledge, experience and global footprint, it is best placed to help businesses identify, assess, mitigate and respond to the evolving cyber risks they face.
To support its mission, NCC Group continually invests in research and innovation, and is passionate about developing the next generation of cyber scientists.
With over 1,800 colleagues in 12 countries, NCC Group has a significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore.