
Strengthening Financial Resilience with Third-Party Apps

Introduction

Recent incidents have exposed how fragile the digital supply chain has become, and third-party apps are at the centre of that concern. The recent CrowdStrike outage, in which a faulty update took down IT systems worldwide, shows how much digital resilience the financial sector still needs to build. For years, regulators have pushed firms to address the risk that comes with third-party software, and meeting those expectations requires changes across many parts of an organization.

Lack of Stressed Exit Plans Among Financial Institutions

According to a recent survey by Escode and CeFPro, only 20.8% of financial professionals report adequate exit preparation for nearly all of their third-party agreements, including those with software providers. Given how widely third-party software is used in financial services, the potential impact of a supply chain interruption keeps growing. Several regulators, including the Bank of England and the Office of the Comptroller of the Currency, have published principles for strengthening third-party risk management.

Role of Regulatory Bodies in Ensuring Resilience

One of the most comprehensive regulatory efforts is the European Union's Digital Operational Resilience Act (DORA). DORA requires stressed exit plans in third-party contracts. Such clauses are critical to protecting financial services from supplier disasters, such as cloud outages and software company bankruptcies. DORA does not apply until January 2025, yet only a small fraction of financial organizations are ready for it.


Survey Results Identify The Lack of Preparedness

The survey results showed that only 18.7% of respondents were fully confident in their third-party exit plans. Most institutions therefore still lack stressed exit plans for the majority of their agreements. This is an alarming and risky gap, underlined by recent incidents such as the UniSuper outage, in which around 500,000 members lost access to their accounts after a Google Cloud misconfiguration.

The Role of Third-Party Apps in Financial Services

Financial institutions are growing ever more reliant on intricate ecosystems of third-party apps and suppliers, which heightens the risk of disruption. Regulators stress that strong governance is critical; however, too many organizations still fail to put an adequate exit strategy in place.


Expert Insights on the Importance of Third-Party Risk Management

Wayne Scott, Regulatory Compliance Solutions Lead, Escode: “The low number of exit strategies employed by institutions is worrying. More education and assistance are needed to enable organizations to incorporate such vital approaches, as well as more information sharing on supplier failures, scenario testing and escrow agreements with software suppliers.”

Conclusion

In light of the expanding landscape of third-party apps in the financial industry, a stronger approach to risk management and regulatory compliance is necessary. Although global regulators are urging better third-party governance, the financial sector needs to put stressed exit plans in place quickly to limit the impact of future disruptions. Proper preparation and compliance with regulatory requirements such as DORA are critical for operational resilience in today's fast-changing digital environment.

FAQs

Financial institutions rely on third-party apps to deliver their services. When such a supplier fails or suffers an outage, the institution's own operations are put at risk.

DORA stands for Digital Operational Resilience Act, a regulatory framework introduced by the European Union. It obliges financial institutions to hold exit plans for their third-party ICT agreements so that a supplier failure does not turn into a service disruption.

Only 20.8% of surveyed financial professionals report having proper exit plans in place for nearly all of their third-party apps and agreements.

Approximately 500,000 UniSuper members lost access to their accounts after a Google Cloud misconfiguration caused a major outage.

Institutions can prepare by following regulatory guidance: running scenario tests that simulate a supplier failure and putting robust escrow agreements in place with their app providers.
