Third-Party Risk Management Guidance, Regulations & Standards

Products
- Products
  - Third-Party Risk Management
    A third-party management solution to match your program maturity
  - ABAC Compliance
    Combat third-party bribery and corruption risk and comply with international regulations
  - Environmental, Social & Governance (ESG)
    Hold your suppliers to a standard of integrity that reflects your organization’s ESG policies including German Supply Chain Due Diligence Act (LkSG)
  - Financial Services Risk Assessment
    Conduct a comprehensive Financial Services Risk Assessment directly aligned to OCC guidance
  - Information Security
    Protect digital assets by assessing risks from vendors that access your data and/or networks
  - Data Privacy & GDPR
    Ensure vendors are compliant with data privacy regulations and standards, including the CCPA, GDPR and more
  - Performance Management
    Understand, monitor, and manage the performance standards of your third-party suppliers
  - Risk Intelligence Connectors
    Augment Aravo assessments, continuous monitoring, and other due diligence with specialized data providers
  - Supply Chain Resilience
    Prevent, defend, respond, and recover from hazards that put continuity of supply at risk
  - Capabilities
    Pre-configured, best practice solutions that are aligned to customers’ maturity
- What’s New — Aravo for ESG Learn how to build sustainable and ethical supply chains across your extended enterprise
Industry
- Industries
  Supporting successful programs across virtually every sector, we understand your business
  - Financial Services Industry
    A third-party management platform that understands regulatory and compliance requirements
  - Insurance
    Third-Party Risk Management and Compliance for the Insurance Industry
  - Pharma
    Third-Party Risk Management and Compliance Solutions for the Pharmaceutical and Life Sciences Industry
  - High Tech
    Third Party Risk Management and Compliance Solutions for the High Tech Industry
  - Consumer Goods
    Third-Party Risk Management Solutions for the CPG Industry
  - Manufacturing
    Third-Party Risk Management and Compliance Requirements for Manufacturing Companies
- Featured Resource
  
  Learn more about Aravo and how we can help organizations like yours
Resources
- Resources
  - Customer Tools / Aravo Academy
    The Aravo Academy will help get you up and running with Aravo’s technology.
  - Strategic Alignment Framework™
    An adaptive framework aligning your TPRM goals, plan, and delivery program for your organization.
  - Blog
    Aravo’s blog for expert third-party risk and compliance content
  - TPRM Solution Voyage
    Explore how to choose the right TPRM software for your business
  - TPRM Maturity Calculator
    How mature is your third-party risk management program? Calculate your score
  - Events and Webinars
    Explore Aravo’s events and webinars to get the latest in TPRM and compliance trends from leading experts.
  - Glossary
    The ABCs of TPRM. Here you will find business terms risk professionals use on a daily basis
  - Guidance and Regulations
    An overview of the vast range of regulations and guidance that encompass TPRM
- Featured Resource
  
  Get your need-to-know guide on the future of supply chain regulations
About Us
- About Aravo
  Find out more about Aravo, our purpose, and why leading brands trust our technology solutions
  - Expertise
    Market leaders for 20 years, our services professionals have the expertise to work as an extension of your team
  - Leadership
    Our management team. Commited to supporting “Better Business”, delivering the best experience for our customers
  - Partners
    Learn more about our partner ecosystem
  - Press Releases
    Get the latest information on Aravo, including company and product updates
  - Careers
    Explore career opportunities globally and learn more about Aravo culture
- Latest Analyst Report
  
  Learn why Aravo is a third-time category leader for TPRM
Request Demo
Contact

Regulators have made clear that third parties should attest to and align to your compliance, ethics, and risk management standards and obligations. Aravo enables customers to easily capture, update, manage and retain third party attestations and certifications with these regulations and other ethics and compliance standards.

Reset Selections

Financial Services

Financial Conduct Authority (FCA), UK

Considerations for firms thinking of using third-party technology (off-the-shelf) banking solutions

Published in July 2014, this document provides a list of questions for financial services firms to consider when evaluating or engaging with third parties for technology services which are critical to firms’ operations. The questions cover the decision to use an outsource provider, the selection of a provider, and ongoing maintenance of the relationship with the provider, among other issues.

Read the guidance

Cyber and Technology Resilience: Themes from cross-sector survey 2017/2018

A survey, released in November 2018, of 296 firms by the FCA highlighted key areas of regulatory development going forward. Firms acknowledged challenges in managing their third parties. For example, third-party issues, such as an IT failure at an important supplier, accounted for 15% of the operational incidents reported to the FCA — this was the second highest root cause. As well, only 66% of large firms and 59% of smaller firms understood their third-parties’ response and recovery plans.

Read the paper

Guidance for firms outsourcing to the ‘cloud’ and other third-party IT services

Published in July 2018 after a consultation period, the guidance includes a list of areas that UK-based financial services firms should consider when engaging with third-parties to provide IT services. The FCA wants firms to consider international standards, legal and regulatory obligations, risk management, the oversight of the service provider, data security, access to the third-party’s premises, business continuity, and other issues.

Read the guidance

SYSC 8.1 Outsourcing

SYSC 8.1 Outsourcing sets out requirements for firms to manage the risks associated with outsourcing activities, including those involving third-party service providers.

“Outsourcing of important operational functions must not impair materially the quality of a firm’s internal control and the ability of the FCA to monitor the firm’s compliance with all obligations under the regulatory system.”

Read the full guidance

Source Regulation

SYSC 13.9 Outsourcing

SYSC 13.9 Outsourcing is a regulatory requirement under the FCA rules, which aims to ensure effective risk management when firms outsource operational activities to third-party service providers.

“Outsourcing may affect a firm’s exposure to operational risk through significant changes to, and reduced control over, people, processes and systems used in outsourced activities.”

Read the full guidance

Source Regulation

Insurance

Financial Conduct Authority (FCA), UK

Insurance Act 2015 (UK)

This act modernizes insurance contract law in the UK and introduces reforms to enhance consumer protection and clarify insurers’ and policyholders’ rights and obligations.

Read the Act

Financial Services and Markets Act 2000 (FSMA)

This primary legislation regulates financial services, including insurance, in the UK. It establishes the regulatory framework for insurance companies, intermediaries, and other financial institutions.