Critical third parties
-
FCA confirms new incident and third-party rules after cyberattacks
Regulator says new rules will make existing incident and third-party reporting clearer, more consistent, and easier for firms to follow.
-
The EU’s DORA: Strategic implications for third-party financial service providers
Many global organizations have learned that without appropriate oversight, third parties can become liabilities. Max Veve says DORA is the stand out regulation.
-
FCA work in review: December 22, 2025-January 15, 2026
Our regular roundup of the latest news and developments from the FCA.
-
EU designates critical ICT third-party providers under DORA
European supervisors carried out a systematic assessment of the importance of each service provider to the financial sector, before deciding on designation.
-
BaFin publishes DORA document requirements cheat sheet
Comprehensive register of key documents is relevant to all organizations running digital systems and needing to ensure their security.
-
BaFIN to intensify third-party supervision in 2025
The regulator continues to be concerned about outsourcing dependency and concentration risk and wants to obtain clarity on technology interconnectedness in the financial sector.
-
FINRA monitoring evolving third-party vendor landscape
Information on third-party vendors is used by FINRA in proactive outreach to member firms including alerts and guidance.
-
Privacy experts give advice on complying with DORA and NIS2
Adequate preparation, identifying what and who is critical, and, above all, “practice, practice, practice” highlighted.