The OCC, SEC, FCA, and other international regulatory authorities are showing a lower tolerance for firms experiencing operational resiliency issues when caused by outsourcing their critical functions/”important business services” to other third parties.
Board members and senior managers within firms will be expected to identify their firm’s operational resilience vulnerabilities and drive improvement in their third-party risk management, where weaknesses are found.
Firms will also need to develop better controls and identify potential threats to their outsourced functions by adopting effective third-party risk management programs.
Are your firm’s definitions of a critical function or important business service in line with regulatory guidance?
Have you conducted an assessment of your outsourced critical functions and the operational resiliency tolerances you should adhere to?
Speak to us at Meji Partners to discuss recent regulatory updates on operational resiliency and third-party risk management and what this means for your firm.