sign up log in
Want to go ad-free? Find out how, here.

Bank of International Settlements' Basel Committee say board directors must take ultimate responsibility for outsourced technology services

Technology / news
Bank of International Settlements' Basel Committee say board directors must take ultimate responsibility for outsourced technology services

Banks' boards of directors have ultimate responsibility for overseeing all third-party arrangements, and must approve a clear strategy for these within the financial institutions' risk appetite, and tolerance for disruption, the Basel Committee of the Bank of International Settlements (BIS) suggested.

The Basel Committee proposal is put forward in the Principles of sound management of third-party risk paper which points to banks' increased reliance on third-party service providers (TPSPs) such as tech and cloud companies Microsoft, Amazon Web Services, Google and Oracle and their subcontractors, as part of ongoing digitalisation.

A set of 12 high level principles are laid out in the new paper, which updates the preceding 2005 Outsourcing in Financial Services one, with guidance on effective management of TPSP risk; it also provides guidance for prudential supervisors, the Basel Committee said.

Regulators are concerned that critical and important services concentrated with the same TPSP or a limited number of providers could have implications for banks' critical operations should disruption or failure occur.

The concern extends to the entire sector, the Basel Committee said:

"Risk to the banking sector (and, in some cases, broader financial sector) overall arising from a dependency on one or more services provided by a single TPSP or a limited number of TPSPs (directly or indirectly through nth parties), the disruption or failure of which may have systemic implications," the Committee wrote.

The boards of directors at banks should ensure that their senior management implements policies and processes of the third-party risk management framework or TPRMF; this framework is to be established by the banks, to manage TPSP arrangements.

Banks should also do due diligence on TPSPs to mitigate risk and ensure capacity to deliver, prior to entering into agreements with providers, and ensure contracts clearly describe rights and obligations, responsibilities and expectations of all parties.

Formally known as the Basel Committee on Banking Supervision (BCBS), the organisation is guided by central bank governors of the G10 countries. The 50-year-old organisation now has 45 members from 28 juridictions, including the Reserve Bank of New Zealand, that focus on banking regulation.

Feedback on the proposals in the consultative document should be submitted before October 9 this year, Swiss time.

We welcome your comments below. If you are not already registered, please register to comment.

Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.