Global regulators tighten bank outsourcing rules

LONDON, UNITED KINGDOM — Global banking regulators are tightening the rules on how banks outsource services to third-party tech companies.
The Basel Committee on Banking Supervision, representing regulators from G20 and other countries, recently proposed new guidelines that place ultimate responsibility for outsourced services on the banks’ board directors.
This move aims to mitigate risks associated with the increasing reliance on tech giants like Microsoft, Amazon, and Google for essential cloud computing services.

Increased reliance on third-party services

The rapid digitalization of the banking sector has led to a significant shift in how banks manage their operations. Traditional and in-house services are now frequently outsourced to third-party providers.
“Ongoing digitalization has led to rapid adoption of innovative approaches in the banking sector,” the Basel Committee noted.
This dependency raises concerns about the potential impact on the financial sector if a widely used service provider experiences an outage.

Principles for risk management and operational resilience

To address these concerns, the Basel Committee has outlined 12 principles for banks and regulators to follow. These principles emphasize that the board of directors must oversee third-party arrangements and maintain thorough documentation of all key decisions.
“As with all business processes, documentation evidencing key decisions (e.g., third-party strategy, board minutes reflecting decision to enter into a critical… arrangement) should be maintained in banks’ records,” the committee stated in its consultation paper.
The proposed guidelines also stress the importance of conducting due diligence before entering contracts with third parties and continuously monitoring the performance of these services. This is crucial as cyber threats and operational disruptions pose significant risks to banks.
The European Union’s Digital Operational Resilience Act (DORA), set to take effect next year, and similar measures in Britain reflect a broader regulatory trend toward enhancing financial sector resilience.

Global coordination and flexibility

The Basel Committee’s principles aim to create a common baseline for managing third-party risks while allowing flexibility to adapt to evolving technologies and regulatory frameworks. These guidelines are designed to be technology-neutral and applicable to emerging trends such as artificial intelligence and blockchain technology.
The committee has invited comments on the proposed principles until October 9, 2024. This consultative approach underscores the importance of global coordination in addressing the complex challenges posed by the digital transformation of the banking sector.