
Is Your Risk Management Program Ready for the New European Banking Authority’s Guidelines?

Angela Gelnaw | March 29, 2019

In June 2018, the European Banking Authority (EBA) put forth guidelines on outsourcing arrangements that highlighted the importance of risk management within financial organizations. The guidelines were announced in June 2018 and will be enforced later in 2019.

On February 25th of this year, the EBA revised the guidelines to include specific provisions for the governance frameworks of all financial institutions within the scope of this mandate. These provisions, which cover outsourcing arrangements and supervisory expectations and processes, are meant to establish a better framework for financial companies — especially credit institutions, investment firms, and payment/e-money businesses, all of which are subject to the Capital Requirements Directive. The provisions also now include the recommendation to outsource to cloud service providers.

When thinking about risk management programs through the regulatory lens, it is critical that organizations, especially financial institutions that work with many third parties, understand the importance of third-party risk assessment, ongoing monitoring, and attention to the concentration risk introduced by fourth parties. Security ratings incorporate all three of these principles and more.

The pending EBA requirements are consistent with other third-party regulatory frameworks that have recently impacted the financial industry, such as GDPR, OCC guidance, and NYDFS' 23 NYCRR 500. Financial organizations must feel confident in the maturity of their third-party risk management (TPRM) programs to comply with regulatory standards, and this requires ongoing assessment and visibility into their business supply chain. They need to be able to see the security posture of their own organization, their third parties, and their fourth parties. That is where security ratings become an integral component of regulatory alignment.

BitSight for Third-Party Risk Management immediately exposes cyber risk within a company's supply chain, helps focus its resources, and works alongside the company and its third parties to achieve significant and measurable cyber risk reduction. Security ratings provide insight into the riskiest issues impacting third-party outsourcers, backed by data that correlates with potential security incidents and context from the most engaged community of risk and security professionals.

Armed with this information, financial organizations can gain a holistic picture of their security posture and of the risk management program within their company. Security ratings give security and risk leaders continuous visibility into cybersecurity issues and allow them to prioritize their remediation strategy to ensure alignment with regulations like the impending EBA requirements.
