Basel Committee of banking regulators proposes principles to reduce risk from third-party tech firms

With increasing cyberattacks threatening operational resilience, banks are urged to implement robust business continuity plans.


The Basel Committee of banking regulators, consisting of regulators from the G20 and other nations, proposed 12 principles for banks. It emphasised that the board of directors holds ultimate responsibility for overseeing third-party arrangements and that they must assume full responsibility for outsourced services and document their risk management strategies for service outages and disruptions.

Banks’ increasing reliance on third-party tech companies like Microsoft, Amazon, and Google for cloud computing services raises regulatory concerns about the potential financial sector impact if a widely used provider experiences downtime. Moreover, increased dependence on third-party services has led to heightened scrutiny due to frequent cyberattacks that threaten banks’ operational resilience and can potentially disrupt customer services. As such, banks should implement strong business continuity plans to ensure operations continue during disruptions.

In the consultative document, the committee also highlighted the importance of maintaining documentation for critical decisions in banks’ records, such as third-party strategies and board minutes.

Why does this matter?

The financial sector’s increasing reliance on technology and tech companies to provide financial services makes it more susceptible to cyber-attacks or incidents, potentially affecting the larger economy. As such, there is an increasing worldwide need to improve the financial sector’s digital resilience. Europe’s Digital Operational Resilience Act (DORA), scheduled to be operational starting January next year, has already recognised this issue.