These proposed guidelines update the 2019 EBA Guidelines on Outsourcing to align with the Digital Operational Resilience Act (DORA). Key aspects include:
◾ Risk Management Framework: Financial entities must assess, monitor and mitigate risks throughout the third-party arrangement lifecycle, including due diligence, contractual phases and exit strategies.
◾ Proportionality Principle: The guidelines provide specific criteria for applying proportionality, limiting documentation burdens on financial entities and authorities.
◾ Consistency with DORA: A single register can be used for both ICT and non-ICT services, streamlining information storage and reducing administrative burdens.
◾ Transition Period: Financial entities have two years to review and amend existing arrangements and update their registers.
The consultation runs until October 8, 2025, allowing stakeholders to provide feedback on the draft guidelines.
6 results for "thirdpartyrisk"
Drafting of IT Outsourcing Risk Management Policy Proposal with IT Outsourcing Risk Management Framework and Cobit
A structured IT outsourcing risk management policy is crucial for navigating third-party service complexities. This study proposes a framework integrating IT outsourcing principles with COBIT standards, covering risk identification, analysis, mitigation, and ongoing monitoring. Implementing this policy enhances organizational asset protection and operational continuity, and minimizes outsourcing risks. It improves information security and business process efficiency. This framework provides practical guidance for organizations to effectively manage risks and optimize IT outsourcing value.
FINRA’s 2025 Third‑Party Risk Updates
FINRA's 2025 guidance emphasizes robust third-party risk management due to increased cyberattacks and outages. Firms must strengthen vendor oversight, enhance incident response planning, address fourth-party risks, and adapt to emerging risks like generative AI. Key steps include updating contracts, due diligence, training, and maintaining a vendor inventory.
FCA CP: Operational Incident and Third Party Reporting
The FCA's proposed new regulations require firms to report operational incidents that could harm consumers or the financial system. This broadens the scope of reporting beyond traditional principles. Additionally, firms must notify the FCA of material third-party arrangements, including those that pose risks to the financial system or the firm's ability to meet regulatory obligations. This expanded regulatory focus on the entire lifecycle of services and activities highlights the increasing importance of operational resilience and third-party risk management.
Scope 3 Emissions: Data Quality and Machine Learning Prediction Accuracy
"We conclude that users of the Scope 3 emission datasets should consider data source, quality and prediction errors when using data from third party providers in their risk analyses."
Text‑Based Measure of Supply Chain Risk Exposure
" I develop a firm-level measure of supply chain risk exposure from a novel source of unstructured data---managers' discussions of supply chain-related topics during earnings conference calls and Q&A sessions---using textual analysis techniques including seeded word embedding and bag-of-words-based content analysis."