Third-party risk
The do-it-all machine: model risk in the age of generative AI
Banks race to understand risks posed by new breed of multi-purpose bots
Top 10 op risks 2026: Cyber stays top, AI risk enters at fifth
Third-party and outsourcing risk climbs to third; fraud and fincrime edge out geopolitical risk
EU clearing houses pressured to diversify cloud vendors
CROs and regulators see tech concentration risk as a barrier to operational resilience
CanDeal looks to simplify third-party risk management
Six-bank vendor due diligence utility seeks international reach
Esma won’t soften regulatory expectations for cloud and AI
CCP supervisory chair signals heightened scrutiny of third-party risk and operational resilience
SGX fortifies its defences to ward off tomorrow’s outages
Exchange operator fosters “breach mentality” to help prepare for business disruption, explains risk chief
New EBA taxonomy could help integrate emerging op risks
Extra loss flags will allow banks to track transversal risks like geopolitics and AI, say experts
Risk managers question US reach of Dora third-party list
Some EU subsidiaries included, but regulator control over cloud providers could still be limited
Chicago data centre outage forced clearers to turn away clients
Friday’s cooling system failure highlights cracks in tech and concentration risk of big CCPs
Why source code access is critical to Dora compliance
As Dora takes hold in EU, access to source code is increasingly essential, says Adaptive’s Kevin Covington
Treasury market urged to beef up operational resilience plans
NY Fed panel warns about impact of AI and reliance on critical third parties
How conflict sharpened Israel’s role in cyber security
Recent growth in offshoring of infosec comes despite regulatory focus on supply-chain resilience
How FCA could help tackle third-party risk in AI
UK regulator’s supercharged sandbox is designed to boost explainability and reduce reliance on vendors
First line of defence dominates third-party risk management
1LoD survey finds 86% of control functions think they have sole responsibility for vendors
Robinhood looks to ‘Chaos Monkey’ for op resilience playbook
Risk Live North America: US broker is ditching emails, using chaos engineering and automating everything in sight
Op risk data: 1MDB scandal still haunts Wall Street
Also: Woodford in hot water, Salesforce voice phishing hooks multiple firms. Data by ORX News
Dora delay leaves EU banks fighting for their audit rights
Regulation requires firms to expand scrutiny of critical vendors that haven’t yet been identified
Banks curb frequency of GRC vendor reviews
Data shows drop in plans to pitch or switch vendors, amid tighter third-party rules – but TPRM bucks the trend
In more than 90% of banks, second line tackles cyber risk
But some regulators would still like to see more 2 LoD risk staffing for infosec and IT disruption
ECB may force banks to rethink cloud just months after Dora
EU regulator pushes multi-cloud strategy for banks, but guidance will not be binding
Regional banks favour scenario analysis over op risk modelling
Domestic and smaller regional players favour scenarios to gauge tail exposure; G-Sibs stick to modelling, for now