Nos derniers articles

This consultative document outlines a new initiative to organize its extensive library of regulatory guidance and industry practices. By transitioning from individual PDF documents to a consolidated modular framework, the Committee aims to improve the accessibility and long-term maintenance of these materials. This reorganization involves streamlining existing content by removing outdated or repetitive information, resulting in a substantial reduction of total guidance volume. The draft chapters cover diverse topics, ranging from risk management and operational resilience to the prevention of financial service abuse. While the structure is being modernized for a user-friendly online experience, the Committee emphasizes that these changes do not alter current policies or introduce new mandates. Stakeholders are invited to provide feedback on the clarity of the framework and the relevance of the included materials before the project is finalized in late 2026.

These proposed guidelines update the 2019 EBA Guidelines on Outsourcing to align with the Digital Operational Resilience Act (DORA). Key aspects include:
◾ 𝗥𝗶𝘀𝗸 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗙𝗿𝗮𝗺𝗲𝘄𝗼𝗿𝗸: Financial entities must assess, monitor and mitigate risks throughout the third-party arrangement lifecycle, including due diligence, contractual phases and exit strategies.
◾ 𝗣𝗿𝗼𝗽𝗼𝗿𝘁𝗶𝗼𝗻𝗮𝗹𝗶𝘁𝘆 𝗣𝗿𝗶𝗻𝗰𝗶𝗽𝗹𝗲: The guidelines provide specific criteria for applying proportionality, limiting documentation burdens on financial entities and authorities.
◾ 𝗖𝗼𝗻𝘀𝗶𝘀𝘁𝗲𝗻𝗰𝘆 𝘄𝗶𝘁𝗵 𝗗𝗢𝗥𝗔: A single register can be used for both ICT and non-ICT services, streamlining information storage and reducing administrative burdens.
◾ 𝗧𝗿𝗮𝗻𝘀𝗶𝘁𝗶𝗼𝗻 𝗣𝗲𝗿𝗶𝗼𝗱: Financial entities have two years to review and amend existing arrangements and update their registers.

The consultation runs until October 8, 2025, allowing stakeholders to provide feedback on the draft guidelines.

A structured IT outsourcing risk management policy is crucial for navigating third-party service complexities. This study proposes a framework integrating IT outsourcing principles with COBIT standards, covering risk identification, analysis, mitigation, and ongoing monitoring. Implementing this policy enhances organizational asset protection, operational continuity, and minimizes outsourcing risks. It improves information security and business process efficiency. This framework provides practical guidance for organizations to effectively manage risks and optimize IT outsourcing value.

FINRA's 2025 guidance emphasizes robust third-party risk management due to increased cyberattacks and outages. Firms must strengthen vendor oversight, enhance incident response planning, address fourth-party risks, and adapt to emerging risks like generative AI. Key steps include updating contracts, due diligence, training, and maintaining a vendor inventory.

The FCA's proposed new regulations require firms to report operational incidents that could harm consumers or the financial system. This broadens the scope of reporting beyond traditional principles. Additionally, firms must notify the FCA of material third-party arrangements, including those that pose risks to the financial system or the firm's ability to meet regulatory obligations. This expanded regulatory focus on the entire lifecycle of services and activities highlights the increasing importance of operational resilience and third-party risk management.

"We conclude that users of the Scope 3 emission datasets should consider data source, quality and prediction errors when using data from third party providers in their risk analyses."

" I develop a firm-level measure of supply chain risk exposure from a novel source of unstructured data---managers' discussions of supply chain-related topics during earnings conference calls and Q&A sessions---using textual analysis techniques including seeded word embedding and bag-of-words-based content analysis."