Resources – Technology and Operations

Proposed GFMA principles regarding Critical Third Parties

Resource  |  Technology & Operations Resources  |  June 2022

Global authorities and regulators are increasingly assessing the risks posed by these critical third parties (CTPs) (including Cloud Service Providers (CSPs) and the potential impact on financial stability. At the core of authorities’ concerns is the possibility that a concentration of services in a small number of TPPs may mean that a failure or disruption, whether technical, commercial, or legal, at one or more of those providers could impact the provision of financial services so severely that it leads to a financial stability event. While the major CSPs are the main use case for this concern, authorities are also considering other IT TPPs, which, while less prominent, could represent a single point of failure. This GFMA paper outlines our set of proposed principles on how to best address these risks and is looking to proactively engage with regulators and standard setters on this important topic.

ASIFMA Data Vaulting Paper

Resource  |  Technology & Operations Resources  |  June 2022

Regulators are increasingly concerned about the potential for destructive data events, such as a ransomware attack on a financial institution. Data vaulting is coming to be seen as a potential solution that will improve firms’ cyber incident response and recovery capabilities. However, data vaulting has technical limitations which may hinder their ability to provide firms the capabilities needed to meet regulatory expectations for restoration. ASIFMA is proposing principles that regulators should consider before prescribing data vaults. We suggest that authorities should focus on expected outcomes following a destructive data loss event and avoid prescribing solutions for data recovery which may limit financial institutions’ ability to make use of various solutions.

Load More