BIS’s Basel Committee on Banking Supervision (BCBS) has released a new newsletter focusing on third- and fourth-party risk management and concentration risk. BIS works with banks and other regulatory authorities to promote financial stability by providing policy recommendations and analysis. The BCBS committee “develops global regulatory standards for banks and seeks to strengthen micro-and macroprudential supervision.” BCBS does not have legal force as a formal authority, rather it supports and relies on its members to promote its suggestions and mandates.
Financial institutions, particularly banks, have set the precedent for other industries when it comes to utilizing technologies to help survive the COVID-19 pandemic. However, this increased reliance on third and fourth parties, and their technologies, have caused increased operational risk exposure.
The Committee, through a series of outreach programs that focused on how to improve banks’ TPRM, fourth-party risk management, and concentration risk, recommends the implementation of the Principles for Operational Resilience (POR) and the use of the revised Principles for the Sound Management of Operational Risk (PSMOR) in order to strengthen operational resilience. These were released and revised respectively in 2021 and the committee is continuing to monitor this risk landscape.
These Principles were designed to address new and existing hazards surrounding TPRM and fourth-party risk, which are continuing to evolve due to the increased use of cloud, third, and fourth-party technologies. While these risks can’t be prevented, appropriate management of these technologies and management of concentration risk will help companies withstand and recover from operational risks and disruptive situations.
Concentration risk is direct or indirect exposure, or group of exposures, that has the potential to lead to large losses that can threaten an organization’s ability to perform its core business. This type of risk can be the result of dependence on a geographic area, single vendor or fourth party, or portfolio of investments.
In coordination with POR and PSMOR, BCBS conducted outreach meetings with participants and supervisors from the private sector to analyze how organizations are utilizing TPRM best practices, and to provide a forum for information sharing on concentration risk and fourth-party risk management.
Key insights from these sessions include:
The sessions also noted that banks should not be outsourcing their risk management responsibilities when it comes to their due diligence and risk management processes.
“Consistent with the POR and revised PSMOR, outreach participants indicated that banks’ third- and fourth-party risk management arrangements should reflect strong governance and the integration of risk management in their due diligence processes.”
BCBS Newsletter
Another key component of operational resilience is through thorough use of business contingency and business continuity planning and processes. This is particularly important when it comes to:
In order to reduce concentration risk, participants also stated that banks should work directly with service providers to plan for the case of potential failures.
The Committee will continue to monitor TPRM and fourth-party risk management efforts in reducing concentration risk. They note that implementing POR and PSMOR best practices will strengthen banks’ operational resilience and help them withstand operational disruptions.
Share with Your Friends:
CUSTOMER PORTAL