As part of their efforts to improve the resilience of financial services, regulators are focusing on outsourcing to third parties and how firms manage the risks that arise when those third parties are incorporated into the processes that underpin the delivery of services.

Two specific developments over the last decade are coming under scrutiny in order to reach a better understanding of their impact on the resilience of the sector:

• Greater use of third parties such as fintechs in the delivery of key services
• Use of Cloud computing within technology architecture

It was notable that the UK PRA published a consultation paper on Outsourcing and Third Party risk management on the same day as similar papers on operational resilience in December 2019.

In this paper we will focus on how firms should engage with third parties that are involved in the delivery of Important or Critical Business Services via Capco’s three-phase approach to operational resilience – Prepare, Manage and Learn.

We will look at practicable steps that firms can adopt to better align third parties with their operational resilience environment as well as meet the regulators’ expectations of how those third parties are managed.