Third Party Risk Management

March 27, 2020

New guidelines regarding outsourcing have been released. Are you in control of all your critical and important outsourcing providers, and do you have a robust contract framework in compliance with the guidelines?

New guidelines

The compliance requirements for outsourced activities are continuously being strengthened. During the last months we have seen both the EBA (European Banking Authority) and EIOPA (European Insurance and Occupational Pensions Authority) issue new guidelines on how to assess and monitor banks' and insurance companies' risk relating to outsourced activities.

Critical and important activities

The key aspect is to identify all your critical and important outsourced activities and have strong controls in place for them.

You are required to have a very good understanding of, and detailed insight into, your business processes, system landscape, IT infrastructure, contract portfolio, vendor management, etc. If you do not have this detailed overview, now is a very good time to get it in place, because more and more focus will be put on managing risks outsourced to third parties.

Critical or important features are:

  • If an error or defect in its performance will materially impact:
    • The possibility of fulfilling the conditions of the institution’s license/permit
    • Their financial performance, or
    • Their ability to continue to provide banking and payment services and activities, or to provide them on a sound basis.
  • Internal control functions
  • Features that require permission
  • Functions needed to perform tasks in key business areas

Are you in control of outsourced activities? How mature are you at managing outsourcing risks?

  • Have you classified all your outsourcing contracts?
  • Are all your contracts with third parties in compliance with the detailed requirements?
  • Have you performed a detailed Risk Assessment of all important and critical processes and activities outsourced to third parties?
  • Is your documentation of both your Risk Assessment and monitoring in place?
  • Have you performed a detailed assessment of all business functions, suppliers and agreements?
  • Do you have effective monitoring of critical and important outsourcing activities in place?
  • Do you have robust exit strategies in place?
  • Do you have alternative suppliers for all critical and important suppliers?
  • Have you performed an assessment of the concentration risks?

Third Party Risk Management can be challenging and requires a lot of communication with many stakeholders internally and with our outsourcing partners.

We strongly recommend that you strengthen your risk management of outsourced activities; it will not get easier going forward.

Please reach out if you want to discuss how you can learn from our experience working with the large Scandinavian Banks on Third Party Risk Management. We can set up an inspirational workshop on TEAMS and get you started within the next few days.

Written by Claus Andersen
