FIN.

UK Finance paper on the PRA’s outsourcing expectations

UK Finance has published a paper on the PRA’s supervisory statement on outsourcing and third-party risk management (SS2/21). The paper summarises the key elements of SS2/21 and reminds firms that they are expected to comply with the PRA’s expectations by 31 March 2022. The paper also highlights the following challenges faced by industry:

  • interdependencies between operational resilience and third-party risk management (TPRM) – clear linkages must be established between firms’ operational resilience agendas and TPRM programmes;
  • views on broader contract remediation – a plan should be developed to tackle legacy remediation of all other contracts at minimum at their point of renewal;
  • sub-outsourcing – firms should develop an understanding of their fourth party or sub-outsourcing population through methods such as inclusion in the due diligence process or supplementary steps in supplier assurance; and
  • appropriate level of assurance on third parties – solutions relating to due diligence or assurance outcomes need to be embedded into a firm’s operating model, with agreed control framework and risk thresholds.

Lucy Hadrill