In the world of third-party risk management, organizations need to navigate a complex and expanding web of guidance, standards and regulations. A strong TPRM program depends on aligning these requirements with internal compliance and risk frameworks. Here, you can explore an overview of major industry standards and regulations that can help you ensure third-party compliance and build a more resilient business.
Regulators have made clear that third parties should attest to and align with your compliance, ethics, and risk management standards and obligations. Aravo enables customers to easily capture, update, manage and retain third party attestations and certifications with these regulations and other ethics and compliance standards.
Published in July 2014, this document provides a list of questions for financial services firms to consider when evaluating or engaging with third parties for technology services that are critical to firms' operations. The questions cover the decision to use an outsource provider, the selection of a provider, and ongoing maintenance of the relationship with the provider, among other issues.
A survey of 296 firms, released by the FCA in November 2018, highlighted key areas of regulatory development going forward. Firms acknowledged challenges in managing their third parties. For example, third-party issues, such as an IT failure at an important supplier, accounted for 15% of the operational incidents reported to the FCA; this was the second highest root cause. In addition, only 66% of large firms and 59% of smaller firms understood their third parties' response and recovery plans.
Published in July 2018 after a consultation period, the guidance includes a list of areas that UK-based financial services firms should consider when engaging with third parties to provide IT services. The FCA wants firms to consider international standards, legal and regulatory obligations, risk management, the oversight of the service provider, data security, access to the third party's premises, business continuity, and other issues.
SYSC 8.1 Outsourcing sets out requirements for firms to manage the risks associated with outsourcing activities, including those involving third-party service providers.
"Outsourcing of important operational functions must not impair materially the quality of a firm's internal control and the ability of the FCA to monitor the firm's compliance with all obligations under the regulatory system."
SYSC 13.9 Outsourcing is a chapter of the FCA Handbook that aims to ensure effective risk management when firms outsource operational activities to third-party service providers.
"Outsourcing may affect a firm's exposure to operational risk through significant changes to, and reduced control over, people, processes and systems used in outsourced activities."
This act modernizes insurance contract law in the UK and introduces reforms to enhance consumer protection and clarify insurers' and policyholders' rights and obligations.
This primary legislation regulates financial services, including insurance, in the UK. It establishes the regulatory framework for insurance companies, intermediaries, and other financial institutions.
The information contained on this page is for reference and informational purposes only. As such, Aravo expressly disclaims any and all legal and professional liability associated with the content and any suggestions and/or recommendations provided therewith.