• 3,000 firms
  • Independent
  • Trusted
Save up to 70% on staff

News » EBA expands outsourcing rules, tightens oversight for financial firms

EBA expands outsourcing rules, tightens oversight for financial firms

Julliana Anne Briones

Posted on July 10, 2025 1 min read
EBA expands outsourcing rules, tightens oversight for financial firms
Photo from Forbes

COURBEVOIE, FRANCE — The European Banking Authority (EBA) is proposing new guidelines to enhance the monitoring of third-party risks, allowing for the coverage of ICT services to be extended beyond current limits, as outlined in the Digital Operational Resilience Act (DORA)

The final rules allow financial firms, such as newly in-scope firms and issuers of various assets, two years to come into compliance.

Expanded guidelines fill gaps left by DORA

While DORA focuses on digital resilience, the updated rules ensure financial firms manage risks across all outsourced functions, including those not tied to technology.

Firms must maintain detailed registers of third-party arrangements, with stricter requirements for critical functions. 

To comply with DORA, the EBA proposed excluding ICT dealings already regulated by DORA from its outsourcing guidelines. 

The new regulations will be extended to cover more areas by increasing their applicability to other non-ICT third-party arrangements, aiming to achieve greater regulatory control.

The step is part of a wider European Union (EU) bid to clamp down as the trend of using external suppliers increases.

Expanded scope to include more entities and activities

A more significant change to the scope of entities regulated is the introduction of asset-referenced tokens and non-bank creditors authorized by MiCAR under the Mortgage Credit Directive. 

Earlier, it covered credit institutions and payment firms, but the revision addresses the changing risks in the financial sector.

Newly in-scope firms are required to have effective risk management systems, including an exit strategy for critical third-party services. 

Management bodies should be proactive in their supervision, allowing regulators to oversee outsourced functions effectively. Compliance deadlines will follow a two-year transition period after finalization.

The EBA’s move signals tighter scrutiny as financial services grow more interconnected, demanding greater accountability from both firms and their third-party providers.

Read more here.

Start your
journey today

  • Independent
  • Free
  • Transparent

About OA

Outsource Accelerator is the trusted source of independent information, advisory and expert implementation of Business Process Outsourcing (BPO)

The #1 outsourcing authority

Outsource Accelerator offers the world’s leading aggregator marketplace for outsourcing. It specifically provides the conduit between Philippines outsourcing suppliers and the businesses – clients – across the globe.

The Outsource Accelerator website has over 5,000 articles, 450+ podcast episodes, and a comprehensive directory with 4000+ BPO companies… all designed to make it easier for clients to learn about – and engage with – outsourcing.

About Derek Gallimore

Derek Gallimore has been in business for 20 years, outsourcing for over eight years, and has been living in Manila (the heart of global outsourcing) since 2014. Derek is the founder and CEO of Outsource Accelerator, and is regarded as a leading expert on all things outsourcing.

Outsource Accelerator in the media

See all media mentions

“Excellent service for outsourcing advice and expertise for my business.”

Learn more
Banner Image
Get 3 Free Quotes Verified Outsourcing Suppliers
3,000 firms.Just 2 minutes to complete.
SAVE UP TO
70% ON STAFF COSTS
Learn more

Connect with over 3,000 outsourcing services providers.

Banner Image

Transform your business with skilled offshore talent.

  • 3,000 firms
  • Simple
  • Transparent
Banner Image