
Software risk compliance round-up: September


Here is QA Financial’s monthly review of new developments and initiatives in compliance and regulation that affect the management of software at financial firms.


EU finance authorities survey third-party vendors

The European Banking Authority, together with the European Insurance and Occupational Pensions Authority and the European Securities and Markets Authority, has released a joint overview of ICT third-party providers in the EU as part of efforts to prepare for the introduction of the EU’s Digital Operational Resilience Act (DORA) in 2025. The report identified approximately 15,000 ICT third-party providers directly serving financial sector firms across the EU.

The overview also found that “the frequently used ICT third party providers directly support many critical or important functions. Moreover, where financial entities use services to support critical or important functions, or where service continuity would have a high impact, most of such services are non-substitutable.”

Full details here.


European Supervisory Authorities publish criteria for DORA third-party providers

The European Supervisory Authorities (EBA, EIOPA and ESMA) have published technical advice in response to the Digital Operational Resilience Act (DORA) to further specify the criteria for critical ICT third-party providers and to clarify the fees that should be levied on such providers.

The report sets out a number of quantitative and qualitative indicators for determining the level of criticality of a third-party provider. These include:

  • The proportion of financial entities to which the ICT third-party provider provides services.

  • The importance of the financial entity that the third-party provider supports.

  • The number of alternative providers that could replace each third-party provider.

The report then outlines necessary types of regulatory expenditure and how these fees should be levied by third-party providers.

Full details available here.


Operational resilience is critical for banks, says FCA

The importance of operational resilience has been highlighted in a letter from Simon Walls, sell-side director at the Financial Conduct Authority (FCA), to the chief executives of wholesale banks active in the UK.

The FCA expects banks to maintain operational resilience to ensure the safety and soundness of markets, the letter said, as outlined in the FCA’s policy statement PS 21/3 titled: “Building Operational Resilience.” This policy requires banks to focus on the services they offer rather than just the systems they operate and depend on.

The letter highlighted that a significant point of concern for the FCA is the increasing reliance of UK financial services firms on third-party services. It said the FCA has observed instances where third-party systems were compromised by cyberattacks. While such breaches can disrupt services, they can also jeopardise the confidentiality of market-sensitive information, it said.

Full article here.


COP28 joins with BIS and UAE Central Bank for techsprint

The presidency of COP28, the 28th United Nations climate change summit, has joined the Bank for International Settlements (BIS) and the Central Bank of the United Arab Emirates in launching a techsprint aimed at: “Promoting innovation in scaling sustainable finance and combating climate change”. The techsprint will address three key areas relating to the use of AI, blockchain and internet of things (IoT) technologies.

“Combating climate change is more urgent than ever,” said Agustín Carstens, General Manager of the BIS. “It calls for a profound change in the way economies operate and grow. To finance the needed transformation, investors need certainty that their funds are channelled to their intended uses.”

Full details available here.


Fed Governor backs “explainable” AI

In a September speech delivered at a conference organised by the National Bureau of Economic Research in Toronto, Governor Lisa D. Cook, a member of the US Federal Reserve Board of Governors, highlighted the potential and challenges of generative AI.

Cook said she acknowledged the transformative capabilities of generative AI in various sectors, emphasising its role in creating content, designs, and software. However, alongside its potential, she went on to highlight the risks associated with the technology. One of the primary concerns is the ability of generative AI to produce misleading or false information, which can have significant implications, especially in the financial sector.

Full article available here.