|
Banks increasingly use third-party tech companies, such as
Microsoft, Amazon and Google, for cloud computing to run key
services, raising concerns among regulators about the impact on
the financial sector if a provider used by many banks went down.
"Ongoing digitalization has led to rapid adoption of innovative
approaches in the banking sector," the Basel Committee said in a
statement.
"As a result, banks have become increasingly reliant on third
parties for services that they had not previously undertaken."
The committee, made up of regulators from the G20 and other
countries, proposed 12 principles for banks and their regulators
to apply, noting that the bank's board of directors has ultimate
responsibility for oversight of third-party arrangements.
"As with all business processes, documentation evidencing key
decisions (e.g. third-party strategy, board minutes reflecting
decision to enter into a critical... arrangement) should be
maintained in banks' records," Basel said in its consultation
paper.
Third-party services have come under increased scrutiny as
hackers continually try to breach banks' cyber defenses and
undermine operational resilience, leading to suspension of
customer services for hours or even days.
The European Union has approved a Digital Operational Resilience
Act (DORA) to improve resilience in the financial sector from
January next year, with Britain doing likewise.
Basel said banks should undertake "appropriate due diligence" of
risks before they sign contracts with third parties, and monitor
how the service is performing.
Banks should also maintain "robust business continuity"
management so they can operate during a disruption, Basel said.
(Reporting by Huw Jones; Editing by Emelia Sithole-Matarise)
[© 2024 Thomson Reuters. All rights
reserved.]
This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content.
|
|
