Editor’s Note: In this week’s edition of our blog series, Third-Party Risk Management: How to Stay Off the Regulatory Radar, we take a look at the European Banking Authority (EBA) requirements related to third parties. Please be sure to review all the blogs in this series, and download the white paper for a complete examination of requirements.
The European Banking Authority (EBA) is an independent EU authority that works to ensure effective and consistent regulation and supervision across the European banking sector. Its overall objectives are to maintain financial stability in the EU and to safeguard the integrity, efficiency, and orderly functioning of the banking sector.
In early 2019, the EBA published revised Guidelines on Outsourcing Arrangements, including specific provisions for financial institutions’ governance frameworks within the scope of the EBA's mandate with regard to their outsourcing arrangements and related supervisory expectations and processes. The recommendation on outsourcing to cloud service providers, published in December 2017, is integrated into the guidelines. These guidelines are consistent with the requirements on outsourcing under the Payments Services Directive (PSD2), the Markets in Financial Instruments Directive (MiFID II) and the Commission's Delegated Regulation (EU) 2017/565.
The EBA, recognizing the vast ecosystem in financial services and the various types of integrated services used, dedicated 70 pages to the management of outsourcing in the financial services industry, plus another 55 pages for responses to comments on these guidelines.
Highlights from these requirements include a sound outsourcing framework that:
Prevalent can help address these requirements. For the purposes of this blog, however, we have summarized select EBA requirements and identified Prevalent Third-Party Risk Management Platform capabilities that demonstrate the breadth and value you can gain from our complete TPRM platform. For a complete listing of the EBA requirements and how Prevalent capabilities map directly into them, please be sure to download the white paper, The Third-Party Risk Management Compliance Handbook.
To address EBA requirements, Prevalent:
The EBA guidelines require robust management and tracking of service provider risks. They specify that a policy for managing risk should be in place, including internal controls-based assessments and continuous monitoring of third-party outsourcing arrangements. The policy should be codified in a contract between the financial institution and the outsourcing relationship, with proper documentation and reporting for both remediation efforts and audit capabilities.
Prevalent’s Third-Party Risk Management solution provides a complete framework for implementing management, auditing, and reporting to achieve EBA Outsourcing Guidelines compliance. Contact us today for a demo to see how.
Enhanced cybersecurity supply chain risk management guidance has arrived with the final NIST CSF 2.0. Check...
09/25/2024
Learn how integrating the NIST Privacy Framework with third-party risk management (TPRM) helps organizations enhance data...
09/12/2024
Consider these best practices to ensure third-party service providers adequately protect your customer NPI data.
09/04/2024