BERN, SWITZERLAND — The Swiss Financial Market Supervisory Authority (FINMA) flagged outsourcing as a new principal risk facing the financial sector.
Outsourcing key activities does not absolve institutions of responsibility for proper conduct. However, reliance on external service providers creates risks around business continuity and technology governance.
FINMA noted that outsourcing arrangements can increase cybersecurity vulnerabilities. Handing critical systems to vendors may limit visibility into IT controls and incident response capabilities.
The report also cautioned that overdependence on outsourcing concentrates operational risks. If a major provider fails, multiple institutions could face service disruptions simultaneously.
To mitigate outsourcing risks, FINMA advised financial firms to:
- Maintain comprehensive inventories of all outsourcing arrangements.
- Conduct thorough risk analyses before outsourcing functions.
- Ensure service providers meet security and availability standards.
- Monitor and audit vendors extensively.
- Maintain capabilities to resume outsourced activities.
FINMA will review institutions’ outsourcing governance and concentration risks through on-site audits. It expects firms to address outsourcing-related vulnerabilities appropriately as part of their overall risk management.
Though outsourcing finance enables efficiency, overreliance can endanger financial stability. Prudent oversight of third-party relationships remains imperative to avoid operational shocks. FINMA aims to ensure the Swiss financial sector leverages outsourcing without compromising resilience.