Third-party risk
Regulators zero in on third-party risk, resilience
In latest survey, 35% of banks say watchdogs have “significantly increased” focus on third-party risk, with reports of arduous inspections and growing resource strain
More than one-quarter of banks overhaul third-party KRIs
Op Risk Benchmarking data shows more flux – and less confidence – in indicators tracking vendors versus other risks
Ninety-one per cent of banks have specialist teams for resilience risk
Latest survey shows regulatory pressure is driving broader framing of resilience, beyond IT and cyber
The AI bot that left the garage
Senior operational risk exec explains how hidden third-party feature could lead to systemic risk
Risk appetite breaches test development banks
MDBs also more likely to change services or strategy to reduce risk exposure, survey shows
Glass houses: US agencies urged to shore up cyber defences
Email hack at OCC raises concerns over more widespread frailty at regulators
Algos shrugged: AI uptake still lagging in bank op risk
Risk managers acknowledge transformative potential of artificial intelligence – most, from a safe distance
FMIs create culture club for op risk
Exchanges and clearing houses seek to build risk resilience among front-line business, amid concerns of overreliance on second line of defence
Taking the sting out: exchanges and CCPs bolster scenario toolkits
As cyber threats ramp up, the world’s largest exchanges re-assume the worst
Technology is a double-edged sword for FMIs
Exchanges and clearing houses rely on third-party vendors for vital systems, but outsourcing can also lead to duplication and waste
EU banks want the cloud closer to home amid tariff wars
Fears over US executive orders prompt new approaches to critical third-party risk management
Vendor oversight splinters across FMIs
Op Risk Benchmarking: firms grapple with “chaos” of third-party rule changes, amid growing recognition of cyber and resilience threats
OCC’s security chief on generative AI with guardrails
Clearing house looks to scale technology across risk and data operations – but safety is still the watchword
Top 10 operational risks for 2025
The biggest op risks as chosen by senior practitioners – and what they’re doing about them
Banks urged to track vendor AI use, before it’s too late
Veteran third-party risk manager says contract terms and exit plans are crucial safeguards
Start planning for post-quantum risks now
Next-gen quantum computers will require all financial firms to replace the cryptography that underpins cyber defences, writes fintech expert
Expert vision, efficient execution
Why more investors are turning to third-party portfolio implementation platforms to maximise efficiency and impact
BoE warns over risk of system-wide cyber attack
Senior policy official Carolyn Wilkins also expresses concern over global fragmentation of bank regulation
As supplier risk grows, banks check their third-party guest lists
Dora forces rethink of KRI and appetite frameworks amid reappraisal of what constitutes a key counterparty
Dora flood pitches banks against vendors
Firms ask vendors for late addendums sometimes unrelated to resiliency, requiring renegotiation
Op Risk Benchmarking 2024: the banks
As threats grow and regulators bore down, focus shifts to the first line
CFTC weighs third-party risk rules for CCPs
Clearing houses could be required to formally identify and monitor critical vendors
Banks feel regulatory heat on op resilience
Op Risk Benchmarking: supervisors dial up reporting expectations and on-site inspections
An AI-first approach to model risk management
Firms must define their AI risk appetite before trying to manage or model it, says Christophe Rougeaux