
Third-Party Risk Management Guidance, Regulations & Standards

In the world of third-party risk management, organizations need to navigate a complex and expanding web of guidance, standards and regulations. A strong TPRM program depends on aligning these requirements with internal compliance and risk frameworks. Here, you can explore an overview of major industry standards and regulations that can help you ensure third-party compliance and build a more resilient business.

Regulators have made clear that third parties should attest to and align with your compliance, ethics, and risk management standards and obligations. Aravo enables customers to easily capture, update, manage and retain third party attestations and certifications with these regulations and other ethics and compliance standards.


Financial Services

 Financial Conduct Authority (FCA), UK

Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions

Published in July 2014, this document provides a list of questions for financial services firms to consider when evaluating or engaging with third parties for technology services which are critical to firms’ operations. The questions cover the decision to use an outsource provider, the selection of a provider, and ongoing maintenance of the relationship with the provider, among other issues.



Cyber and Technology Resilience: Themes from cross-sector survey 2017/2018

A survey of 296 firms by the FCA, released in November 2018, highlighted key areas of regulatory development going forward. Firms acknowledged challenges in managing their third parties. For example, third-party issues, such as an IT failure at an important supplier, accounted for 15% of the operational incidents reported to the FCA; this was the second highest root cause. In addition, only 66% of large firms and 59% of smaller firms understood their third parties’ response and recovery plans.


Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services

Published in July 2018 after a consultation period, the guidance includes a list of areas that UK-based financial services firms should consider when engaging with third parties to provide IT services. The FCA wants firms to consider international standards, legal and regulatory obligations, risk management, the oversight of the service provider, data security, access to the third party’s premises, business continuity, and other issues.


SYSC 8.1 Outsourcing

SYSC 8.1 Outsourcing sets out requirements for firms to manage the risks associated with outsourcing activities, including those involving third-party service providers.

“Outsourcing of important operational functions must not impair materially the quality of a firm’s internal control and the ability of the FCA to monitor the firm’s compliance with all obligations under the regulatory system.”



SYSC 13.9 Outsourcing

SYSC 13.9 Outsourcing is a regulatory requirement under the FCA rules, which aims to ensure effective risk management when firms outsource operational activities to third-party service providers.

“Outsourcing may affect a firm’s exposure to operational risk through significant changes to, and reduced control over, people, processes and systems used in outsourced activities.”


Insurance

 Financial Conduct Authority (FCA), UK

Insurance Act 2015 (UK)

This act modernizes insurance contract law in the UK and introduces reforms to enhance consumer protection and clarify insurers’ and policyholders’ rights and obligations.


Financial Services and Markets Act 2000 (FSMA)

This primary legislation regulates financial services, including insurance, in the UK. It establishes the regulatory framework for insurance companies, intermediaries, and other financial institutions.



The information contained on this page is for reference and informational purposes only.  As such, Aravo expressly disclaims any and all legal and professional liability associated with the content and any suggestions and/or recommendations provided therewith.
