Proposed GFMA principles regarding Critical Third Parties
Global authorities and regulators are increasingly assessing the risks posed by these critical third parties (CTPs) (including Cloud Service Providers (CSPs) and the potential impact on financial stability. At the core of authorities’ concerns is the possibility that a concentration of services in a small number of TPPs may mean that a failure or disruption, whether technical, commercial, or legal, at one or more of those providers could impact the provision of financial services so severely that it leads to a financial stability event. While the major CSPs are the main use case for this concern, authorities are also considering other IT TPPs, which, while less prominent, could represent a single point of failure. This GFMA paper outlines our set of proposed principles on how to best address these risks and is looking to proactively engage with regulators and standard setters on this important topic.